Synchronize ssvnc 1.0.26. Improvements to perl scripts desktop.cgi, connect_switch and inet6to4.

13 files changed, 3033 insertions, 1121 deletions

diff --git a/x11vnc/misc/connect_switch b/x11vnc/misc/connect_switch
index 212157f..a25610d 100755
--- a/x11vnc/misc/connect_switch
+++ b/x11vnc/misc/connect_switch
@@ -211,6 +211,7 @@ if (exists $ENV{CONNECT_SWITCH_PIDFILE}) {
 #	CONNECT_SWITCH_BUFSIZE
 #	CONNECT_SWITCH_LOGFILE
 #	CONNECT_SWITCH_PIDFILE
+#	CONNECT_SWITCH_MAX_CONNECTIONS
 #
 # You can also set these on the cmdline:
 #      connect_switch CONNECT_SWITCH_LISTEN=X CONNECT_SWITCH_ALLOW_FILE=Y ...
@@ -335,6 +336,13 @@ if (exists $ENV{CONNECT_SWITCH_VERBOSE}) {
 	$verbose = $ENV{CONNECT_SWITCH_VERBOSE};
 }
 
+# zero means loop forever, positive value means exit after handling that
+# many connections.
+#
+my $cmax = 0;
+if (exists $ENV{CONNECT_SWITCH_MAX_CONNECTIONS}) {
+	$cmax = $ENV{CONNECT_SWITCH_MAX_CONNECTIONS};
+}
 
 
 #===========================================================================
@@ -384,6 +392,10 @@ my $conn = 0;
 
 while (1) {
 	$conn++;
+	if ($cmax > 0 && $conn > $cmax) {
+		print STDERR "last connection ($cmax)\n" if $verbose; 
+		last;
+	}
 	print STDERR "listening for connection: $conn\n" if $verbose; 
 	my ($client, $ip) = $listen_sock->accept();
 	if (! $client) {
diff --git a/x11vnc/misc/desktop.cgi b/x11vnc/misc/desktop.cgi
index c2f9cc9..f656146 100755
--- a/x11vnc/misc/desktop.cgi
+++ b/x11vnc/misc/desktop.cgi
@@ -1,37 +1,188 @@
 #!/usr/bin/perl
 #
-# desktop.cgi
+##########################################################################
+# desktop.cgi:
+#
+# This is an example CGI script to provide multi-user web access to
+# x11vnc desktops.  The user desktop sessions run in 'Xvfb' displays
+# that are created automatically.
+#
+# This script should/must be served by an HTTPS (i.e. SSL) webserver,
+# otherwise the unix and vnc passwords would be sent over the network
+# unencrypted (see below to disable if you really want to.)
+#
+# The Java VNC Viewer applet connections are encrypted by SSL as well.
+#
+# You can use this script to provide unix users desktops available on
+# demand via any Java enabled web browser.  One could also use this for
+# a special-purpose 'single application' service running in a minimal
+# window manager.
+#
+# One example of a special-purpose application would be a scientific
+# data visualization tool running on a server where the data is housed.
+# To do this set $x11vnc_extra_opts = '-env FD_PROG=/path/to/app/launcher'
+# where the program launches your special purpose application.  A very
+# simple example:  '-env FD_PROG=/usr/bin/xclock'
+# 
+#
+# Depending on where you place this script, the user accesses the service
+# with the URL:
+#
+#     https://your.webserver.net/cgi-bin/desktop.cgi
+#
+# Then they login with their unix username and password to get their
+# own desktop session.
+#
+# If the user has an existing desktop it is connected to directly,
+# otherwise a new session is created inside an Xvfb display and then
+# connected to by VNC.
+#
+# It is possible to do port redirection to other machines running SSL
+# enabled VNC servers (see below.)  This script does not start the VNC
+# servers on the other machines, although with some extra rigging you
+# should be able to do that as well.
+#
+# You can customize the login procedure to whatever you want by modifying
+# this script, or by using ideas in this script write your own PHP,
+# (for example), script.
+#
+##########################################################################
+# Overriding default settings:
+#
+# If you want to override any settings in this script and do not
+# want to edit this script create the assignments in a file named
+# 'desktop.cgi.conf' in the same directory as desktop.cgi.  It will be
+# sourced after the defaults are set.  The format of desktop.cgi.conf
+# is simply perl statements that make the assignments.
+#
+# For example, if you put something like this in desktop.cgi.conf:
+#
+#	$x11vnc = '/usr/local/bin/x11vnc';
+#
+# that will set the path to the x11vnc binary to that location.  Look at
+# the settings below for the other variables that you can modify, for
+# example one could set $allowed_users_file.
+#
+##########################################################################
+# x11vnc:
 #
-# An example cgi script to provide multi-user web access to x11vnc
-# desktops.  This script should/must be served by an HTTPS webserver,
-# otherwise the unix and vnc passwords are sent over the network
-# unencrypted (see below to disable)
+# You need to install x11vnc or otherwise have it available.  It is
+# REQUIRED that you use x11vnc 0.9.10 or later.  It won't work with
+# earlier versions.  See below the $x11vnc parameter that you can set
+# to the full path to x11vnc.
+#
+##########################################################################
+# Xvfb:
 #
 # Note that the x11vnc -create virtual desktop service used below requires
-# that you install the 'Xvfb' program.
+# that you install the 'Xvfb' program.  On debian this is currently done
+# via 'apt-get install xvfb'.
+#
+# If you are having trouble getting 'x11vnc -create' to work with this
+# script (it can be tricky), try it manually and/or see the x11vnc FAQ
+# links below.
+#
+##########################################################################
+# Apache httpd:
+#
+# You should put this script in, say, a cgi-bin directory.  Enable cgi
+# scripts in your apache (or other httpd) config.  For example, we have
+# these lines (not commented):
+#
+# In httpd.conf:
 #
-# You should put this script in, say, a cgi-bin directory.
+#	ScriptAlias /cgi-bin/ "/dist/apache/2.0/cgi-bin/"
+#
+#	<Directory "/dist/apache/2.0/cgi-bin">
+#	    AllowOverride None
+#	    Options None     
+#	    Order allow,deny
+#	    Allow from all 
+#	</Directory>
+#
+# and in ssl.conf:
+#
+#	<Directory "/dist/apache/2.0/cgi-bin">
+#	    SSLOptions +StdEnvVars
+#	</Directory>
+#
+# Do not be confused by the non-standard /dist/apache/2.0 apache
+# installation location that we happen to use.  Yours will be different.
+#
+# You can test that you have CGI scripts working properly with the 
+# 'test-cgi' and 'printenv' scripts apache provides.
+#
+# Copy this file (desktop.cgi) to /dist/apache/2.0/cgi-bin and then run
+# 'chmod 755 ...' on it to make it executable.
+#
+##########################################################################
+# Applet Jar files served by apache:
 #
 # You will *also* need to copy the x11vnc classes/ssl/UltraViewerSSL.jar
-# file to the document root: /UltraViewerSSL.jar (or change the html
-# at bottom.)
+# file to the httpd DocumentRoot to be accessible by: /UltraViewerSSL.jar
+# in a URL (or change $applet_jar below or the html in $applet_html if
+# you want to use a different location.)
+#
+# This location is relative to the apache DocumentRoot 'htdocs' directory.
+# For our (non-standard location installation) that meant we copied the
+# file to:
+#
+#    /dist/apache/2.0/htdocs/UltraViewerSSL.jar
+#
+# (your DocumentRoot directory will be different.) 
+#
+# The VncViewer.jar (tightvnc) will also work, but you need to change
+# the $applet_jar below.  You can get these jar files from the x11vnc
+# tarball from:
+#
+#    http://www.karlrunge.com/x11vnc/#downloading
+#
+# This script requires x11vnc 0.9.10 or later.
 #
-# Each x11vnc server created for a login will listen on its own port (see
-# below for port selection schemes.)  Your firewall must let in these ports.
-# It is difficult and not as reliable to do all of this through a single port;
-# however, see the fixed port scheme find_free_port = 'fixed:5900' below.
+# Note that the usage mode for this script is a different from regular
+# 'x11vnc -http ...' usage where x11vnc acts as a mini web server and
+# serves its own applet jars.  We don't use that mode for this script.
+# Apache (httpd) serves the jars.
 #
-# Note there are two SSL certificates involved that the user may be
+#
+##########################################################################
+# Notes and Information:
+#
+# Each x11vnc server created for a user login will listen on its own port
+# (see below for port selection schemes.)  Your firewall must let in *ALL*
+# of these ports (e.g. a port range, see below for the syntax.)
+#
+# It is also possible, although not as reliable, to do all of this through
+# a single port, see the fixed port scheme $find_free_port = 'fixed:5910'
+# below.  This single port mode must be different from apache's port
+# (usually 443 for https) and must also be allowed in by your firewall.
+#
+# Note: The fixed port scheme is DISABLED by default.
+#
+# It is also possible to have this script act as a vnc redirector to SSL
+# enabled VNC servers running on *other* machines inside your firewall
+# (presumably the users' desktops) See the $enable_port_redirection
+# setting below.  The user provides 'username@host:port' instead of just
+# 'username' when she logs in.  This script doesn't start VNC servers
+# on those other machines, the servers must be running there already.
+# (If you want this script to start them you will need to add it
+# yourself.)  It is possible to provide a host:port allow list to limit
+# which internal machines and ports can be redirected to.  This is the
+# $port_redirection_allowed_hosts parameter.
+#
+# Note: The vnc redirector scheme is DISABLED by default.
+#
+# Note there are *two* SSL certificates involved that the user may be
 # asked to inspect: apache's SSL cert and x11vnc's SSL cert.  This may
-# confuse the user.
+# confuse naive users.  You may want to use the same cert for both.
 #
 # This script provides one example on how to provide the service.  You can
-# customize to meet your needs, e.g. switch to php, newer modules,
-# different authentication, SQL database, etc.  If you plan to use it
-# in production, please examine all security aspects of it carefully;
-# read the comments in the script for more info.
+# customize it to meet your needs, e.g. switch to php, newer cgi modules,
+# different authentication, SQL database for user authentication, etc,
+# etc.  If you plan to use it in production, please examine all security
+# aspects of it carefully; read the comments in the script for more info.
 #
-# More information and background:
+# More information and background and troubleshooting:
 #
 #      http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb
 #      http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers
@@ -39,6 +190,10 @@
 #      http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal
 #      http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords
 #      http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin
+#
+#
+# Please also read the comments below for changing specific settings.
+# You can modify them in this script or by override file 'desktop.cgi.conf'
 
 
 #-------------------------------------------------------------------------
@@ -64,31 +219,58 @@ use strict;
 use IO::Socket::INET;
 
 
+##########################################################################
+# Path to the x11vnc program:
+#
+my $x11vnc = '/usr/bin/x11vnc';
+
+
+##########################################################################
+# You can set some extra x11vnc cmdline options here:
+#
+my $x11vnc_extra_opts = '';
+
+
+##########################################################################
+# Override the default x11vnc viewer connection timeout of 75 seconds:
+#
+my $x11vnc_timeout = '';
+
+
+##########################################################################
 # TCP Ports:
 #
 # Set find_free_port to 1 (or the other modes described below) to
-# autoselect a free port to use.  The default is to use a fixed port
-# based on the userid.
+# autoselect a free port to use.  The default is to use a port based on
+# the userid number (7000 + uid).
 #
 my $find_free_port = 0;
-#
+
 # Or specify a port range:
 #
 #$find_free_port = '7000-8000';
 #
 # Or indicate to use a kludge to try to do everything through a SINGLE
 # port.  To try to avoid contention on the port, simultaneous instances
-# of this script attempt to 'take turns' using it.
+# of this script attempt to 'take turns' using it the single port.
+#
+#$find_free_port = 'fixed:5910';
+
+# This is the starting port for 7000 + uid and also $find_free_port = 1
+# autoselection:
 #
-#$find_free_port = 'fixed:5900';
+my $starting_port = 7000;
 
 
+##########################################################################
 # Port redirection mode:
 #
-# This is to allow port redirection mode: username@host:port If username
-# is valid, there will be a port redirection to internal machine
+# This is to enable port redirection mode: username@host:port. If
+# username is valid, there will be a port redirection to internal machine
 # host:port.  Presumably there is already an SSL enabled and password
-# protected VNC server running there.  We don't start that server.
+# protected VNC server running there.  We don't start that VNC server.
+# (You might be able to figure out a way to do this yourself.)
+#
 # See the next setting for an allowed hosts file.  The default for port
 # redirection is off.
 #
@@ -108,23 +290,60 @@ my $enable_port_redirection = 0;
 my $port_redirection_allowed_hosts = '';
 
 
+##########################################################################
+# Allowed users:
+#
+# To limit which users can use this service, set the following to a file
+# that contains the allowed user names one per line.  Lines starting with
+# the '#' character are skipped.
+#
+my $allowed_users_file = '';
+
+
+##########################################################################
+# Denied users:
+#
+# As with $allowed_users_file, but to deny certain users.  Applied after
+# any $allowed_users_file check and overrides the result.
+#
+my $denied_users_file = '';
+
+
+##########################################################################
+# trustUrlVncCert applet parameter:
+#
 # Set to 0 to have the java applet html set the parameter
-# trustUrlVncCert=no, i.e. the applet will not automatically accept an
-# SSL cert already accepted by an HTTPS URL.  See print_applet_html()
-# below for more info.
+# trustUrlVncCert=no, i.e. the applet will not automatically accept
+# an SSL cert already accepted by an HTTPS URL.  See $applet_html and
+# print_applet_html() below for more info.
 #
 my $trustUrlVncCert = 1;
 
 
+##########################################################################
+# One-time VNC password fifo:
+#
+# For extra security against local untrusted users a fifo is used
+# to copy the one-time VNC password to the user's VNC password file
+# ~user/x11vnc.pw.  If that fifo transfer technique causes problems,
+# you can set this value to 1 to disable the security feature:
+#
+my $disable_vnc_passwd_fifo_safety = 0;
+
+
+##########################################################################
 # Comment this out if you don't want PATH modified:
 #
-$ENV{PATH} = "/usr/bin:bin:$ENV{PATH}";
+$ENV{PATH} = "/usr/bin:/bin:$ENV{PATH}";
 
 
+##########################################################################
 # For the next two settings, note that most users will be confused that
 # geometry and session are ignored when they are returning to their
 # existing desktop session (x11vnc FINDDISPLAY action.)
 
+
+##########################################################################
 # Used below if user did not specify preferred geometry and color depth:
 #
 my $default_geometry = '1024x768x24';
@@ -139,6 +358,7 @@ my $session_types = '';
 #$session_types = 'gnome kde xfce lxde wmaker enlightenment mwm twm failsafe'; 
 
 
+##########################################################################
 # Set this to 1 to enable user setting a unique tag for each one
 # of his desktops and so can have multiple ones simultaneously and
 # select which one he wants.  For now we just hack this onto geometry
@@ -148,37 +368,125 @@ my $session_types = '';
 my $enable_unique_tags = 0;
 my $unique_tag = '';
 
-# You can set some extra x11vnc cmdline options here:
+
+##########################################################################
+# String of HTML for the login form:
 #
-my $x11vnc_extra_opts = '';
+# Feel free to customize to your taste, _USERNAME_ and _GEOMETRY_ are
+# expanded to that of the request.
+#
+my $login_str = <<"END";
+<title>x11vnc web access</title>
+<h3>x11vnc web access</h3>
+<form action="$ENV{REQUEST_URI}" method="post">
+ <table border="0">
+  <tr><td colspan=2><h2>Login</h2></td></tr>
+  <tr><td>Username:</td><td>
+  <input type="text" name="username" maxlength="40" value="_USERNAME_">
+  </td></tr>
+  <tr><td>Password:</td><td>
+  <input type="password" name="password" maxlength="50">
+  </td></tr>
+  <tr><td>Geometry:</td><td>
+  <input type="text" name="geometry" maxlength="40" value="_GEOMETRY_">
+  </td></tr>
+  <!-- session -->
+  <tr><td colspan="2" align="right">
+  <input type="submit" name="submit" value="Login">
+  </td></tr>
+ </table>
+</form>
+END
 
 
-# Path to x11vnc program:
+##########################################################################
+# String of HTML returned to web browser to launch applet:
 #
-my $x11vnc = '/usr/bin/x11vnc';
+# Feel free to customize to your taste, _UID_, _VNC_PORT_, _WIDTH_,
+# _HEIGHT_, _PASS_, _TRUST_UVC_, _APPLET_JAR_, and _APPLET_CLASS_ are
+# expanded to the appropriate values before sending out to the browser.
+#
+my $applet_html = <<"END";
+<html>
+<TITLE>
+x11vnc desktop (_UID_/_VNC_PORT_)
+</TITLE>
+<APPLET CODE=_APPLET_CLASS_ ARCHIVE=_APPLET_JAR_ WIDTH=_WIDTH_ HEIGHT=_HEIGHT_>
+<param name=PORT value=_VNC_PORT_>
+<param name=VNCSERVERPORT value=_VNC_PORT_>
+<param name=PASSWORD value=_PASS_>
+<param name=trustUrlVncCert value=_TRUST_UVC_>
+<param name="Open New Window" value=yes>
+<param name="Offer Relogin" value=no>
+<param name="ignoreMSLogonCheck" value=yes>
+<param name="delayAuthPanel" value=yes>
+<!-- extra -->
+</APPLET>
+<br>
+<a href="$ENV{REQUEST_URI}">Login page</a><br>
+<a href=http://www.karlrunge.com/x11vnc>x11vnc website</a>
+</html>
+END
 
-if (`uname -n` =~ /haystack/) {
-	# for my testing:
-	if (-f "/home/runge/dtcgi.test") {
-		eval `cat /home/runge/dtcgi.test`;
-	}
+
+##########################################################################
+# These java applet strings are expanded into the above $applet_html.
+# Note that $applet_jar is relative to your apache DocumentRoot (htdocs)
+# not the filesystem root. 
+#
+my $applet_jar = '/UltraViewerSSL.jar';
+my $applet_class = 'VncViewer.class';
+
+# These make the applet panel smaller because we use 'Open New Window'
+# anyway (set to 'W' or 'H' to use actual session geometry values):
+#
+my $applet_width  = '400';
+my $applet_height = '300';
+
+# To customize ALL of the HTML printed out you may need to redefine
+# the bye() subtroutine in your desktop.cgi.conf file. 
+
+
+##########################################################################
+# Override any of the above settings by setting them in a file named
+# 'desktop.cgi.conf'.  It is sourced here.
+#
+# You can override any variable set above by supplying perl code
+# in $0.conf that sets it to the desired value.
+#
+# Some examples you could put in $0.conf:
+#
+#   $x11vnc = '/usr/local/bin/x11vnc';
+#   $x11vnc_extra_opts = '-env FD_PROG=/usr/bin/xclock';
+#   $x11vnc_extra_opts = '-ssl /usr/local/etc/dtcgi.pem';
+#   $find_free_port = 'fixed:5999';
+#   $enable_port_redirection = 1;
+#   $allowed_users_file = '/usr/local/etc/dtcgi.allowed';
+#
+if (-f "$0.conf") {
+	eval `cat "$0.conf"`;
 }
 
 
-# http header:
+##########################################################################
+# END OF MAIN USER SETTINGS.
+# Only power users should change anything below.
+##########################################################################
+
+# Print http header reply:
 #
 print STDOUT "Content-Type: text/html\r\n\r\n";
 
 
 # Require HTTPS so that unix and vnc passwords are not sent in clear text
-# (perhaps it is too late...)  Disable HTTPS at your own risk.
+# (perhaps it is too late...)  Disable HTTPS here at your own risk.
 #
 if ($ENV{HTTPS} !~ /^on$/i) {
 	bye("HTTPS must be used (to encrypt passwords)");
 }
 
 
-# Read request:
+# Read URL request:
 #
 my $request;
 if ($ENV{'REQUEST_METHOD'} eq "POST") {
@@ -192,7 +500,8 @@ if ($ENV{'REQUEST_METHOD'} eq "POST") {
 my %request = url_decode(split(/[&=]/, $request));
 
 
-# Experiment for FD_TAG x11vnc feature for multiple desktops:
+# Experiment for FD_TAG x11vnc feature for multiple desktops for a
+# single user:
 #
 # we hide it in geometry:tag for now:
 #
@@ -212,30 +521,28 @@ if (!exists $request{session} || $request{session} =~ /^\s*$/) {
 }
 
 
-# String for the login form:
+# Expand _USERNAME_ and _GEOMETRY_ in the login string HTML:
 #
-my $login_str = <<"END";
-<title>x11vnc web access</title>
-<h3>x11vnc web access</h3>
-<form action="$ENV{REQUEST_URI}" method="post">
- <table border="0">
-  <tr><td colspan=2><h2>Login</h2></td></tr>
-  <tr><td>Username:</td><td>
-  <input type="text" name="username" maxlength="40" value="$request{username}">
-  </td></tr>
-  <tr><td>Password:</td><td>
-  <input type="password" name="password" maxlength="50">
-  </td></tr>
-  <tr><td>Geometry:</td><td>
-  <input type="text" name="geometry" maxlength="40" value="$request{geometry}">
-  </td></tr>
-  <!-- session -->
-  <tr><td colspan="2" align="right">
-  <input type="submit" name="submit" value="Login">
-  </td></tr>
- </table>
-</form>
-END
+$login_str =~ s/_USERNAME_/$request{username}/g;
+$login_str =~ s/_GEOMETRY_/$request{geometry}/g;
+
+
+# Check x11vnc version for installers of this script who do not know
+# how to read and follow instructions:
+#
+my $version = (split(' ', `$x11vnc -version`))[1];
+$version =~ s/\D*$//;
+
+my ($major, $minor, $micro) = split(/\./, $version);
+if ($major !~ /^\d+$/ || $minor !~ /^\d+$/) {
+	bye("The x11vnc program is not installed correctly.");
+}
+$micro = 0 unless $micro;
+my $level  = $major * 100 * 100 + $minor * 100 + $micro;
+my $needed =      0 * 100 * 100 +      9 * 100 +     10;
+if ($level < $needed) {
+	bye("x11vnc version 0.9.10 or later is required. (Found version $version)");
+}
 
 
 # Set up user selected desktop session list, if enabled:
@@ -301,6 +608,49 @@ if ($enable_port_redirection) {
 	}
 }
 
+# If there is an $allowed_users_file, check username against it:
+#
+if ($allowed_users_file ne '') {
+	if (! open(USERS, "<$allowed_users_file")) {
+		bye("Internal Error #0");
+	}
+	my $ok = 0;
+	while (<USERS>) {
+		chomp;
+		$_ =~ s/^\s*//;
+		$_ =~ s/\s*$//;
+		next if /^#/;
+		if ($username eq $_) {
+			$ok = 1;
+		}
+	}
+	close USERS;
+	if (! $ok) {
+		bye("Denied Username.<p>$login_str");
+	}
+}
+
+# If there is a $denied_users_file, check username against it:
+#
+if ($denied_users_file ne '') {
+	if (! open(USERS, "<$denied_users_file")) {
+		bye("Internal Error #0");
+	}
+	my $ok = 1;
+	while (<USERS>) {
+		chomp;
+		$_ =~ s/^\s*//;
+		$_ =~ s/\s*$//;
+		next if /^#/;
+		if ($username eq $_) {
+			$ok = 0;
+		}
+	}
+	close USERS;
+	if (! $ok) {
+		bye("Denied Username.<p>$login_str");
+	}
+}
 
 # Require username to be alphanumeric + '-' + '_':
 # (one may want to add '.' as well)
@@ -321,6 +671,7 @@ if ($? != 0 || $uid !~ /^\d+$/) {
 
 
 # Use x11vnc trick to check if the unix password is valid:
+# (requires x11vnc 0.9.10 or later.)
 #
 if (!open(X11VNC, "| $x11vnc -unixpw \%stdin > /dev/null")) {
 	bye("Internal Error #1");
@@ -346,7 +697,7 @@ my $fixed_port = 0;
 if (! $find_free_port) {
 	# Fixed port based on userid (we assume it is free):
 	#
-	$vnc_port = 7000 + $uid;
+	$vnc_port = $starting_port + $uid;
 
 } elsif ($find_free_port =~ /^fixed:(\d+)$/) {
 	#
@@ -391,7 +742,7 @@ for (my $i = 0; $i < 8; $i++) {
 # Use x11vnc trick to switch to user and store vnc pass in the passwdfile.
 # Result is $pass is placed in user's $HOME/x11vnc.pw
 #
-# (This is actually difficult to do without untrusted local users being
+# (This is actually difficult to do without untrusted LOCAL users being
 # able to see the pass as well, see copy_password_to_user() for details
 # on how we try to avoid this.)
 #
@@ -430,6 +781,7 @@ if (!open(TMP, ">$tmpfile")) {
 # and -sslonly disables VeNCrypt SSL connections.
 
 # Some settings:
+# (change these if you encounter timing problems, etc.)
 #
 my $timeout = 75;
 my $extra = '';
@@ -438,6 +790,8 @@ if ($fixed_port) {
 	$timeout = 45;
 	$extra .= " -loopbg100,1";
 }
+$timeout = $x11vnc_timeout if $x11vnc_timeout ne '';
+
 if ($session_types ne '') {
 	# settings for session selection case:
 	if (exists $sessions{$session}) {
@@ -474,7 +828,7 @@ if ($? == 0) {
 	unlink $md5;
 }
 
-# write x11vnc command to the tmp file:
+# Write x11vnc command to the tmp file:
 #
 print TMP <<"END";
 #!/bin/sh
@@ -497,6 +851,7 @@ close TMP;
 $ENV{UNIXPW_CMD} = "/bin/sh $tmpfile";
 
 # For the fixed port scheme we try to cooperate via lock file:
+# (disabled by default.)
 #
 my $rmlock = '';
 #
@@ -593,8 +948,8 @@ sub initialize_random {
 # the end.
 #
 sub auto_select_port {
-	my $pmin = 7000;	# default range.
-	my $pmax = 8000;
+	my $pmin = $starting_port;	# default range 7000-8000.
+	my $pmax = $starting_port + 1000;
 
 	if ($find_free_port =~ /^(\d+)-(\d+)$/) {
 		# user supplied a range:
@@ -647,7 +1002,7 @@ sub auto_select_port {
 # the user command is run in its own tty.
 #
 # The best way would be a sudo action or a special setuid program for
-# copying.  So consider using that and thereby simplify this function.
+# copying.  So consider doing that and thereby simplify this function.
 #
 # Short of a special program doing this, we use a fifo so ONLY ONE
 # process can read the password.  If the untrusted local user reads it,
@@ -685,6 +1040,12 @@ sub copy_password_to_user {
 		bye("Internal Error #7");
 	}
 
+	# disable fifo safety if requested:
+	#
+	if ($disable_vnc_passwd_fifo_safety) {
+		$use_fifo = '';
+	}
+
 	# Make the fifo:
 	#
 	if ($use_fifo) {
@@ -756,7 +1117,6 @@ sub copy_password_to_user {
 	}
 	close X11VNC;	# note we ignore return value.
 	fsleep(0.5);
-	#print STDERR `ls -l $fifo ~$username/x11vnc.pw`;
 	unlink $fifo;
 
 	# Done!
@@ -854,33 +1214,32 @@ sub lock_fixed_port {
 #
 sub print_applet_html {
 	my ($W, $H, $D) = split(/x/, $geometry);
-	$W = 640;	# make it smaller since we 'Open New Window' below anyway.
-	$H = 480;
+
+	# make it smaller since we 'Open New Window' below anyway.
+	if ($applet_width ne 'W') {
+		$W = $applet_width;
+	}
+	if ($applet_height ne 'H') {
+		$H = $applet_height;
+	}
+
 	my $tUVC = ($trustUrlVncCert ? 'yes' : 'no');
-	my $str = <<"END";
-<html>
-<TITLE>
-x11vnc desktop ($uid/$vnc_port)
-</TITLE>
-<APPLET CODE=VncViewer.class ARCHIVE=/UltraViewerSSL.jar WIDTH=$W HEIGHT=$H>
-<param name=PORT value=$vnc_port>
-<param name=VNCSERVERPORT value=$vnc_port>
-<param name=PASSWORD value=$pass>
-<param name=trustUrlVncCert value=$tUVC>
-<param name="Open New Window" value=yes>
-<param name="Offer Relogin" value=no>
-<param name="ignoreMSLogonCheck" value=yes>
-<param name="delayAuthPanel" value=yes>
-<!-- extra -->
-</APPLET>
-<br>
-<a href="$ENV{REQUEST_URI}">Login page</a><br>
-<a href=http://www.karlrunge.com/x11vnc>x11vnc website</a>
-</html>
-END
+
+	# see $applet_html set in defaults section for more info:
+	#
+	my $str = $applet_html;
+
+	$str =~ s/_UID_/$uid/g;
+	$str =~ s/_VNC_PORT_/$vnc_port/g;
+	$str =~ s/_WIDTH_/$W/g;
+	$str =~ s/_HEIGHT_/$H/g;
+	$str =~ s/_PASS_/$pass/g;
+	$str =~ s/_APPLET_JAR_/$applet_jar/g;
+	$str =~ s/_APPLET_CLASS_/$applet_class/g;
+	$str =~ s/_TRUST_UVC_/$tUVC/g;
 
 	if ($enable_port_redirection && $redirect_host ne '') {
-		$str =~ s/name=PASSWORD value=.*>/name=NOT_USED value=yes>/;
+		$str =~ s/name=PASSWORD value=.*>/name=NOT_USED value=yes>/i;
 		#$str =~ s/<!-- extra -->/<!-- extra -->\n<param name="ignoreProxy" value=yes>/;
 	}
 
@@ -1025,6 +1384,9 @@ sub check_redirect_host {
 
 # Much of this code is borrowed from 'connect_switch':
 #
+# (it only applies to the vnc redirector $enable_port_redirection mode
+# which is off by default.)
+#
 sub handle_conn {
 	close STDIN;
 	close STDOUT;
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/README b/x11vnc/misc/enhanced_tightvnc_viewer/README
index 8992aea..7b14dba 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/README
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/README
@@ -16,8 +16,8 @@ See these sites and related ones for more information:
 
         http://www.tightvnc.com
         http://www.realvnc.com
-        http://www.stunnel.org
         http://stunnel.mirt.net
+        http://www.stunnel.org
         http://www.openssl.org
         http://www.chiark.greenend.org.uk/~sgtatham/putty/
 	http://sourceforge.net/projects/cotvnc/
@@ -255,7 +255,7 @@ Unix and Mac OS X:
 
     Unpack the archive:
 
-        % gzip -dc ssvnc-1.0.25.tar.gz | tar xvf -
+        % gzip -dc ssvnc-1.0.27.tar.gz | tar xvf -
 
     Run the GUI:
 
@@ -263,7 +263,7 @@ Unix and Mac OS X:
 
         % ./ssvnc/MacOSX/ssvnc             (for Mac OS X)
 
-    The smaller file "ssvnc_no_windows-1.0.25.tar.gz"
+    The smaller file "ssvnc_no_windows-1.0.27.tar.gz"
     could have been used as well.
 
     On MacOSX you could also click on the SSVNC app icon in the Finder.
@@ -309,8 +309,8 @@ Unix/MacOSX Install:
 
     For the conventional source tarball it will compile and install, e.g.:
 
-       gzip -dc ssvnc-1.0.25.src.tar.gz | tar xvf -
-       cd ssvnc-1.0.25
+       gzip -dc ssvnc-1.0.27.src.tar.gz | tar xvf -
+       cd ssvnc-1.0.27
        make config
        make all
        make PREFIX=/my/install/dir install
@@ -322,7 +322,7 @@ Windows:
 
     Unzip, using WinZip or a similar utility, the zip file:
 
-        ssvnc-1.0.25.zip
+        ssvnc-1.0.27.zip
 
     Run the GUI, e.g.:
 
@@ -334,7 +334,7 @@ Windows:
 
     select Open, and then OK to launch it.
 
-    The smaller file "ssvnc_windows_only-1.0.25.zip"
+    The smaller file "ssvnc_windows_only-1.0.27.zip"
     could have been used as well.
 
     You can make a Windows shortcut to this program if you want to.
@@ -664,7 +664,7 @@ Untrusted Local Users:
     By 'do not trust' we mean they might try to gain access to remote
     machines you connect to via SSVNC.  Note that an untrusted local
     user can often obtain root access in a short amount of time; if a
-    user has acheived that, then all bets are off for ANYTHING that you
+    user has achieved that, then all bets are off for ANYTHING that you
     do on the workstation.  It is best to get rid of Untrusted Local
     Users as soon as possible.
 
@@ -680,7 +680,7 @@ Untrusted Local Users:
     If the untrusted local user tries to connect to these ports, he may
     succeed in varying degrees to gain access to the remote machine.
     We now list some safeguards one can put in place to try to make this
-    more difficult to acheive.
+    more difficult to achieve.
 
     It probably pays to have the VNC server require a password, even
     though there has already been SSL or SSH authentication (via
@@ -747,8 +747,8 @@ See also:
 	http://www.karlrunge.com/x11vnc/faq.html
 	x11vnc -h | more
 
-	http://www.stunnel.org
 	http://stunnel.mirt.net
+	http://www.stunnel.org
 	http://www.openssl.org
 	http://www.tightvnc.com
         http://www.realvnc.com
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/connect_br.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/connect_br.tcl
index c363764..53d5e27 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/connect_br.tcl
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/connect_br.tcl
@@ -123,6 +123,12 @@ proc bmesg {msg} {
 	label $w.l -width 70 -text "$msg"
 	pack $w.l
 	update
+	if {$env(BMESG) > 1} {
+		for {set i 0} {$i < $env(BMESG)} {incr i} {
+			after 1000
+			update
+		}
+	}
 }
 
 proc do_connect_http {sock hostport which} {
@@ -165,9 +171,15 @@ proc do_connect_http {sock hostport which} {
 proc do_connect_socks4 {sock hostport which} {
 	global debug cur_proxy
 
-	set s [split $hostport ":"]
-	set host [lindex $s 0]
-	set port [lindex $s 1]
+	set host ""
+	set port ""
+	if [regexp {^(.*):([0-9][0-9]*)$} $hostport mvar host port] {
+		;
+	} else {
+		puts stderr "could not parse host:port $hostport"
+		destroy .
+		exit 1
+	}
 
 	set i1 ""
 	set i2 ""
@@ -249,9 +261,15 @@ proc do_connect_socks4 {sock hostport which} {
 proc do_connect_socks5 {sock hostport which} {
 	global debug cur_proxy
 
-	set s [split $hostport ":"]
-	set host [lindex $s 0]
-	set port [lindex $s 1]
+	set host ""
+	set port ""
+	if [regexp {^(.*):([0-9][0-9]*)$} $hostport mvar host port] {
+		;
+	} else {
+		puts stderr "could not parse host:port $hostport"
+		destroy .
+		exit 1
+	}
 
 	set p1 [binary format ccc 5 1 0]
 	puts -nonewline $sock $p1
@@ -1058,7 +1076,7 @@ proc proxy_type {proxy} {
 }
 
 proc proxy_hostport {proxy} {
-	regsub -nocase {^[a-z][a-z]*://} $proxy "" hp
+	regsub -nocase {^[a-z][a-z0-9]*://} $proxy "" hp
 	regsub {\+.*$} $hp "" hp
 	if {! [regexp {:[0-9]} $hp] && [regexp {^repeater:} $proxy]} {
 		set hp "$hp:5900"
@@ -1140,9 +1158,15 @@ if {$do_bridge} {
 	set proxy1_type [proxy_type     $proxy1]
 	set proxy1_hp   [proxy_hostport $proxy1]
 
-	set s [split $proxy1_hp ":"]
-	set proxy1_host [lindex $s 0]
-	set proxy1_port [lindex $s 1]
+	set proxy1_host ""
+	set proxy1_port ""
+	if [regexp {^(.*):([0-9][0-9]*)$} $proxy1_hp mvar proxy1_host proxy1_port] {
+		;
+	} else {
+		puts stderr "could not parse hp1 host:port $proxy1_hp"
+		destroy .
+		exit 1
+	}
 
 	set proxy2_type ""
 	set proxy2_host ""
@@ -1151,9 +1175,16 @@ if {$do_bridge} {
 	if {$proxy2 != ""} {
 		set proxy2_type [proxy_type     $proxy2]
 		set proxy2_hp   [proxy_hostport $proxy2]
-		set s [split $proxy2_hp ":"]
-		set proxy2_host [lindex $s 0]
-		set proxy2_port [lindex $s 1]
+
+		set proxy2_host ""
+		set proxy2_port ""
+		if [regexp {^(.*):([0-9][0-9]*)$} $proxy2_hp mvar proxy2_host proxy2_port] {
+			;
+		} else {
+			puts stderr "could not parse hp2 host:port $proxy2_hp"
+			destroy .
+			exit 1
+		}
 	}
 
 	set proxy3_type ""
@@ -1163,9 +1194,16 @@ if {$do_bridge} {
 	if {$proxy3 != ""} {
 		set proxy3_type [proxy_type     $proxy3]
 		set proxy3_hp   [proxy_hostport $proxy3]
-		set s [split $proxy3_hp ":"]
-		set proxy3_host [lindex $s 0]
-		set proxy3_port [lindex $s 1]
+
+		set proxy3_host ""
+		set proxy3_port ""
+		if [regexp {^(.*):([0-9][0-9]*)$} $proxy3_hp mvar proxy3_host proxy3_port] {
+			;
+		} else {
+			puts stderr "could not parse hp3 host:port $proxy3_hp"
+			destroy .
+			exit 1
+		}
 	}
 
 	bmesg "1: '$proxy1_host' '$proxy1_port' '$proxy1_type'";
@@ -1173,9 +1211,15 @@ if {$do_bridge} {
 	bmesg "3: '$proxy3_host' '$proxy3_port' '$proxy3_type'";
 
 	if [info exists env(SSVNC_REVERSE)] {
-		set s [split $env(SSVNC_REVERSE) ":"]
-		set rhost [lindex $s 0]
-		set rport [lindex $s 1]
+		set rhost ""
+		set rport ""
+		if [regexp {^(.*):([0-9][0-9]*)$} $env(SSVNC_REVERSE) mvar rhost rport] {
+			;
+		} else {
+			puts stderr "could not parse SSVNC_REVERSE host:port $env(SSVNC_REVERSE)"
+			destroy .
+			exit 1
+		}
 		set rc [catch {set lsock [socket $rhost $rport]}]
 		if {$rc != 0} {
 			puts stderr "error reversing"	
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
index 7ad1811..63ddac5 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
@@ -382,7 +382,9 @@ if [ "X$reverse" != "X" ]; then
 			echo "*Warning*: -listen and a single proxy/gateway does not make sense."
 			sleep 2
 		fi
-		SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
+
+		# we now try to PPROXY_LOOP_THYSELF, set this var to disable that.
+		#SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
 	fi
 fi
 if [ "X$ssh_cmd" = "X" ]; then
@@ -520,12 +522,6 @@ if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
 	fi
 fi
 
-# (possibly) tell the vncviewer to only listen on lo: 
-if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then
-	VNCVIEWER_LISTEN_LOCALHOST=1
-	export VNCVIEWER_LISTEN_LOCALHOST
-fi
-
 # rsh mode is an internal/secret thing only I use.
 rsh=""
 if echo "$orig" | grep '^rsh://' > /dev/null; then
@@ -551,11 +547,98 @@ else
 fi
 
 # extract host and disp number:
-host=`echo "$orig" | awk -F: '{print $1}'`
-disp=`echo "$orig" | awk -F: '{print $2}'`
+
+# try to see if it is ipv6 address:
+ipv6=0
+if echo "$orig" | grep '\[' > /dev/null; then
+	# ipv6 [fe80::219:dbff:fee5:3f92%eth1]:5900
+	host=`echo "$orig" | sed -e 's/\].*$//' -e 's/\[//'`
+	disp=`echo "$orig" | sed -e 's/^.*\]://'`
+	ipv6=1
+elif echo "$orig" | grep ':..*:' > /dev/null; then
+	# ipv6 fe80::219:dbff:fee5:3f92%eth1:5900
+	host=`echo "$orig" | sed -e 's/:[^:]*$//'`
+	disp=`echo "$orig" | sed -e 's/^.*://'`
+	ipv6=1
+else
+	# regular host:port
+	host=`echo "$orig" | awk -F: '{print $1}'`
+	disp=`echo "$orig" | awk -F: '{print $2}'`
+fi
+
+if [ "X$reverse" != "X" -a "X$STUNNEL_LISTEN" = "X" -a "X$host" != "X" ]; then
+	STUNNEL_LISTEN=$host
+	echo "set STUNNEL_LISTEN=$STUNNEL_LISTEN"
+fi
+
 if [ "X$host" = "X" ]; then
 	host=$localhost
 fi
+
+if [ "X$SSVNC_IPV6" = "X0" ]; then
+	# disable checking for it.
+	ipv6=0
+#elif [ "X$reverse" != "X" -a "X$ipv6" = "X1" ]; then
+#	ipv6=0
+elif [ "X$ipv6" = "X1" ]; then
+	:
+elif echo "$host" | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' > /dev/null; then
+	:
+else
+	# regular hostname, can't be sure...
+	host "$host" >/dev/null 2>&1
+	host "$host" >/dev/null 2>&1
+	hout=`host "$host" 2>/dev/null`
+	if echo "$hout" | grep -i 'has ipv6 address' > /dev/null; then
+		if echo "$hout" | grep -i 'has address' > /dev/null; then
+			:
+		else
+			echo "ipv6: "`echo "$hout" | grep -i 'has ipv6 address' | head -n 1`
+			ipv6=1
+		fi
+	fi
+	if [ "X$ipv6" = "X0" ]; then
+		dout=`dig -t any "$host" 2>/dev/null`
+		if echo "$dout" | grep -i "^$host" | grep '[ 	]AAAA[ 	]' > /dev/null; then
+			if echo "$dout" | grep -i "^$host" | grep '[ 	]A[ 	]' > /dev/null; then
+				:
+			else
+				echo "ipv6: "`echo "$dout" | grep -i '[ 	]AAAA[ 	]' | head -n 1`
+				ipv6=1
+			fi
+		fi
+	fi
+	if [ "X$ipv6" = "X0" ]; then
+		sout=`env LOOKUP="$host" \
+		      perl -e '	eval {use Socket};  exit 0 if $@;
+				eval {use Socket6}; exit 0 if $@;
+				@res = getaddrinfo($ENV{LOOKUP}, "daytime", AF_UNSPEC, SOCK_STREAM);
+				$ipv4 = 0;
+				$ipv6 = 0;
+				$ip6 = "";
+				while (scalar(@res) >= 5) {
+					($family, $socktype, $proto, $saddr, $canon, @res) = @res;
+					$ipv4 = 1 if $family == AF_INET;
+					$ipv6 = 1 if $family == AF_INET6;
+					if ($family == AF_INET6 && $ip6 eq "") {
+						my ($host, $port) = getnameinfo($saddr, NI_NUMERICHOST | NI_NUMERICSERV);
+						$ip6 = $host;
+					}
+				}
+				if (! $ipv4 && $ipv6) {
+					print "AF_INET6_ONLY: $ENV{LOOKUP}: $ip6\n";
+				}
+				exit 0;
+			' 2>/dev/null`
+		if echo "$sout" | grep AF_INET6_ONLY > /dev/null; then
+			echo "$sout"
+			ipv6=1
+		fi
+	fi
+fi
+if [ "X$ipv6" = "X1" ]; then
+	echo "ipv6: addr=$host disp=$disp"
+fi
 if [ "X$disp" = "X" ]; then
 	port=""	# probably -listen mode.
 elif [ $disp -lt 0 ]; then
@@ -573,6 +656,21 @@ else
 	port=$disp
 fi
 
+if [ "X$ipv6" = "X1" -a "X$direct_connect" = "X1" ]; then
+	if [ "X$proxy" = "X" -a "X$reverse" = "X" ]; then
+		proxy="ipv6://$host:$port"
+		echo "direct connect: set proxy=$proxy"
+	fi
+fi
+
+# (possibly) tell the vncviewer to only listen on lo: 
+if [ "X$reverse" != "X" ]; then
+	if [ "X$direct_connect" = "X" -o "X$proxy" != "X" -o "X$STUNNEL_LISTEN" != "X" ]; then
+		VNCVIEWER_LISTEN_LOCALHOST=1
+		export VNCVIEWER_LISTEN_LOCALHOST
+	fi
+fi
+
 # try to find an open listening port via netstat(1):
 inuse=""
 if uname | grep Linux > /dev/null; then
@@ -787,6 +885,60 @@ pcode() {
 
 use IO::Socket::INET;
 
+my $have_inet6 = "";
+eval "use IO::Socket::INET6;";
+$have_inet6 = 1 if $@ eq "";
+
+#my $have_sock6 = "";
+#eval "use Socket; use Socket6;";
+#$have_sock6 = 1 if $@ eq "";
+
+if (exists $ENV{PPROXY_LOOP_THYSELF}) {
+	# used for reverse vnc, run a repeating outer loop.
+	print STDERR "PPROXY_LOOP: $ENV{PPROXY_LOOP_THYSELF}\n";
+	my $rm = $ENV{PPROXY_REMOVE};
+	my $lp = $ENV{PPROXY_LOOP_THYSELF};
+	delete $ENV{PPROXY_REMOVE};
+	delete $ENV{PPROXY_LOOP_THYSELF};
+	$ENV{PPROXY_LOOP_THYSELF_MASTER} = $$;
+	my $pid = $$;
+	my $dbg = 0;
+	my $c = 0;
+	use POSIX ":sys_wait_h";
+	while (1) {
+		$pid = fork();
+		last if ! defined $pid;
+		if ($pid eq "0") {
+			last;
+		}
+		$c++;
+		print STDERR "\nPPROXY_LOOP: pid=$$ child=$pid count=$c\n";
+		while (1) {
+			waitpid(-1, WNOHANG);
+			fsleep(0.25);
+			if (! kill 0, $pid) {
+				print STDERR "PPROXY_LOOP: child=$pid gone.\n";
+				last;
+			}
+			print STDERR "PPROXY_LOOP: child=$pid alive.\n" if $dbg;
+			if (! -f $lp) {
+				print STDERR "PPROXY_LOOP: flag file $lp gone, killing $pid\n";
+				kill TERM, $pid;
+				fsleep(0.1);
+				wait;
+				last;
+			}
+			print STDERR "PPROXY_LOOP: file exists $lp\n" if $dbg;
+		}
+		last if ! -f $lp;
+		fsleep(0.25);
+	}
+	if ($pid ne "0") {
+		unlink($0) if $rm;
+		exit 0;
+	}
+}
+
 if (exists $ENV{PPROXY_SLEEP} && $ENV{PPROXY_SLEEP} > 0) {
 	print STDERR "PPROXY_PID: $$\n";
 	sleep $ENV{PPROXY_SLEEP};
@@ -835,7 +987,7 @@ if (exists $ENV{SSVNC_PREDIGESTED_HANDSHAKE})  {
 }
 
 my $have_gettimeofday = 0;
-eval "use Time::HiRes";
+eval "use Time::HiRes;";
 if ($@ eq "") {
 	$have_gettimeofday = 1;
 }
@@ -862,7 +1014,11 @@ my ($mode_1st, $mode_2nd, $mode_3rd) = ("", "", "");
 
 ($first, $mode_1st) = url_parse($first);
 
-my ($proxy_host, $proxy_port) = split(/:/, $first);
+my ($proxy_host, $proxy_port) = ($first, "");
+if ($proxy_host =~ /^(.*):(\d+)$/) {
+	$proxy_host = $1;
+	$proxy_port = $2;
+}
 my $connect = $ENV{PPROXY_DEST};
 
 if ($second ne "") {
@@ -875,13 +1031,15 @@ if ($third ne "") {
 
 
 print STDERR "\n";
-print STDERR "PPROXY v0.3: a tool for Web, SOCKS, and UltraVNC proxies and VeNCrypt bridging.\n";
+print STDERR "PPROXY v0.4: a tool for Web, SOCKS, and UltraVNC proxies and for\n";
+print STDERR "PPROXY v0.4: IPv6 and VNC VeNCrypt bridging.\n";
 print STDERR "proxy_host:       $proxy_host\n";
 print STDERR "proxy_port:       $proxy_port\n";
 print STDERR "proxy_connect:    $connect\n";
 print STDERR "pproxy_params:    $ENV{PPROXY_PROXY}\n";
 print STDERR "pproxy_listen:    $ENV{PPROXY_LISTEN}\n";
 print STDERR "pproxy_reverse:   $ENV{PPROXY_REVERSE}\n";
+print STDERR "io_socket_inet6:  $have_inet6\n";
 print STDERR "\n";
 if (1) {
 	print STDERR "pproxy 1st: $first\t- $mode_1st\n";
@@ -897,15 +1055,29 @@ sub pdie {
 }
 
 if ($ENV{PPROXY_REVERSE} ne "") {
-	my ($rhost, $rport) = split(/:/, $ENV{PPROXY_REVERSE});
+	my ($rhost, $rport) = ($ENV{PPROXY_REVERSE}, "");
+	if ($rhost =~ /^(.*):(\d+)$/) {
+		$rhost = $1;
+		$rport = $2;
+	}
 	$rport = 5900 unless $rport;
+	my $emsg = "";
 	$listen_handle = IO::Socket::INET->new(
 		PeerAddr => $rhost,
 		PeerPort => $rport,
 		Proto => "tcp"
 	);
+	$emsg = $!;
+	if (! $listen_handle && $have_inet6) {
+		eval {$listen_handle = IO::Socket::INET6->new(
+			PeerAddr => $rhost,
+			PeerPort => $rport,
+			Proto => "tcp"
+		);};
+		$emsg .= " / $!";
+	}
 	if (! $listen_handle) {
-		pdie "pproxy: $! -- PPROXY_REVERSE\n";
+		pdie "pproxy: $emsg -- PPROXY_REVERSE\n";
 	}
 	print STDERR "PPROXY_REVERSE: connected to $rhost $rport\n";
 
@@ -914,27 +1086,75 @@ if ($ENV{PPROXY_REVERSE} ne "") {
 	my $maxtry = 12;
 	my $sleep = 5;
 	my $p2 = "";
+	my $emsg = "";
 	for (my $i=0; $i < $maxtry; $i++)  {
-		if ($ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:(.*)/) {
-			my $p = $1;
-			$p2 = "*:$p";
+		my ($if, $p) = ("", $ENV{PPROXY_LISTEN});
+		if ($p =~ /^(.*):(\d+)$/) {
+			$if = $1;
+			$p = $2;
+		}
+		$p2 = "*:$p";
+		if ($if eq "") {
+			$if = "localhost";
+		}
+		print STDERR "pproxy interface: $if\n";
+
+		$emsg = "";
+		if (($if eq "INADDR_ANY6" || $if eq "::") && $have_inet6) {
+			eval {$listen_sock = IO::Socket::INET6->new(
+				Listen    => 2,
+				ReuseAddr => 1,
+				Domain    => AF_INET6,
+				LocalAddr => "::",
+				LocalPort => $p,
+				Proto     => "tcp"
+			);};
+			$p2 = ":::$p";
+		} elsif ($if =~ /^INADDR_ANY/) {
 			$listen_sock = IO::Socket::INET->new(
 				Listen    => 2,
+				ReuseAddr => 1,
 				LocalPort => $p,
 				Proto     => "tcp"
 			);
+		} elsif (($if eq "INADDR_LOOPBACK6" || $if eq "::1") && $have_inet6) {
+			$p2 = "::1:$p";
+			eval {$listen_sock = IO::Socket::INET6->new(
+				Listen    => 2,
+				ReuseAddr => 1,
+				Domain    => AF_INET6,
+				LocalAddr => "::1",
+				LocalPort => $p,
+				Proto     => "tcp"
+			);};
+			$p2 = "::1:$p";
 		} else {
-			$p2 = "localhost:$ENV{PPROXY_LISTEN}";
+			$p2 = "$if:$p";
 			$listen_sock = IO::Socket::INET->new(
 				Listen    => 2,
-				LocalAddr => "127.0.0.1",
-				LocalPort => $ENV{PPROXY_LISTEN},
+				ReuseAddr => 1,
+				LocalAddr => $if,
+				LocalPort => $p,
 				Proto     => "tcp"
 			);
+			$emsg = $!;
+			
+			if (! $listen_sock && $have_inet6) {
+				print STDERR "PPROXY_LISTEN: retry with INET6\n";
+				eval {$listen_sock = IO::Socket::INET6->new(
+					Listen    => 2,
+					ReuseAddr => 1,
+					Domain    => AF_INET6,
+					LocalAddr => $if,
+					LocalPort => $p,
+					Proto     => "tcp"
+				);};
+				$emsg .= " / $!";
+			}
 		}
 		if (! $listen_sock) {
 			if ($i < $maxtry - 1) {
-				warn "pproxy: $!\n";
+				warn "pproxy: $emsg $!\n";
 				warn "Could not listen on port $p2, retrying in $sleep seconds... (Ctrl-C to quit)\n";
 				sleep $sleep;
 			}
@@ -943,7 +1163,7 @@ if ($ENV{PPROXY_REVERSE} ne "") {
 		}
 	}
 	if (! $listen_sock) {
-		pdie "pproxy: $! -- PPROXY_LISTEN\n";
+		pdie "pproxy: $emsg -- PPROXY_LISTEN\n";
 	}
 	print STDERR "pproxy: listening on $p2\n";
 	my $ip;
@@ -953,6 +1173,24 @@ if ($ENV{PPROXY_REVERSE} ne "") {
 	if (! $listen_handle) {
 		pdie "pproxy: $err\n";
 	}
+
+	if ($ENV{PPROXY_LOOP_THYSELF_MASTER}) {
+		my $sml = $ENV{SSVNC_MULTIPLE_LISTEN}; 
+		if ($sml ne "" && $sml ne "0") {
+			setpgrp(0, 0);
+			if (fork()) {
+				close $viewer_sock;
+				wait;
+				exit 0;
+			}
+			if (fork()) {
+				close $viewer_sock;
+				exit 0;
+			}
+			setpgrp(0, 0);
+			$parent = $$;
+		}
+	}
 }
 
 $sock = IO::Socket::INET->new(
@@ -961,15 +1199,27 @@ $sock = IO::Socket::INET->new(
 	Proto => "tcp"
 );
 
+my $err = "";
+
+if (! $sock && $have_inet6) {
+	$err = $!;
+
+	eval {$sock = IO::Socket::INET6->new(
+		PeerAddr => $proxy_host,
+		PeerPort => $proxy_port,
+		Proto => "tcp"
+	);};
+	$err .= " / $!";
+}
+
 if (! $sock) {
-	my $err = $!;
 	unlink($0) if $ENV{PPROXY_REMOVE};
 	pdie "pproxy: $err\n";
 }
 
 unlink($0) if $ENV{PPROXY_REMOVE};
 
-if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_LISTEN} =~ /^INADDR_ANY:/) {
+if ($ENV{PPROXY_PROXY} =~ /^vencrypt:/ && $ENV{PPROXY_VENCRYPT_REVERSE}) {
 	print STDERR "\nPPROXY: vencrypt+reverse: swapping listen socket with connect socket.\n";
 	my $tmp_swap = $sock;
 	$sock = $listen_handle;
@@ -1116,6 +1366,10 @@ xfer_both();
 
 exit;
 
+sub fsleep {
+	select(undef, undef, undef, shift);
+}
+
 sub url_parse {
 	my $hostport = shift;
 	my $mode = "http";
@@ -1128,11 +1382,14 @@ sub url_parse {
 	} elsif ($hostport =~ m,^https?://(\S*)$,i) {
 		$mode = "http";
 		$hostport = $1;
+	} elsif ($hostport =~ m,^ipv6://(\S*)$,i) {
+		$mode = "ipv6";
+		$hostport = $1;
 	} elsif ($hostport =~ m,^repeater://(\S*)\+(\S*)$,i) {
 		# ultravnc repeater proxy.
 		$hostport = $1;
 		$mode = "repeater:$2";
-		if ($hostport !~ /:\d+/) {
+		if ($hostport !~ /:\d+$/) {
 			$hostport .= ":5900";
 		}
 	} elsif ($hostport =~ m,^vencrypt://(\S*)$,i) {
@@ -1144,7 +1401,7 @@ sub url_parse {
 			$mode = $2;
 		}
 		$mode = "vencrypt:$m";
-		if ($hostport !~ /:\d+/) {
+		if ($hostport !~ /:\d+$/) {
 			$hostport .= ":5900";
 		}
 	}
@@ -1161,6 +1418,8 @@ sub setmode {
 		} else {
 			$ENV{PPROXY_SOCKS} = 1;
 		}
+	} elsif ($mode =~ /^ipv6/i) {
+		$ENV{PPROXY_SOCKS} = 0;
 	} elsif ($mode =~ /^repeater:(.*)/) {
 		$ENV{PPROXY_REPEATER} = $1;
 		$ENV{PPROXY_SOCKS} = "";
@@ -1180,7 +1439,11 @@ sub connection {
 
 	if ($ENV{PPROXY_SOCKS} eq "5") {
 		# SOCKS5
-		my ($h, $p) = split(/:/, $CONNECT);
+		my ($h, $p) = ($CONNECT, "");
+		if ($h =~ /^(.*):(\d+)$/) {
+			$h = $1;
+			$p = $2;
+		}
 		$con .= pack("C", 0x05);
 		$con .= pack("C", 0x01);
 		$con .= pack("C", 0x00);
@@ -1242,9 +1505,13 @@ sub connection {
 			exit(1);
 		}
 
-	} elsif ($ENV{PPROXY_SOCKS} ne "") {
+	} elsif ($ENV{PPROXY_SOCKS} eq "1") {
 		# SOCKS4 SOCKS4a
-		my ($h, $p) = split(/:/, $CONNECT);
+		my ($h, $p) = ($CONNECT, "");
+		if ($h =~ /^(.*):(\d+)$/) {
+			$h = $1;
+			$p = $2;
+		}
 		$con .= pack("C", 0x04);
 		$con .= pack("C", 0x01);
 		$con .= pack("n", $p);
@@ -1296,6 +1563,9 @@ sub connection {
 			close $sock;
 			exit(1);
 		}
+	} elsif ($ENV{PPROXY_SOCKS} eq "0") {
+		# hack for ipv6 "proxy", nothing to do, assume INET6 call worked.
+		;
 	} elsif ($ENV{PPROXY_REPEATER} ne "") {
 		my $rep = $ENV{PPROXY_REPEATER};
 		print STDERR "repeater: $rep\n";
@@ -1582,6 +1852,7 @@ sub do_vencrypt_viewer_bridge {
 	for (my $i=0; $i < $maxtry; $i++)  {
 		$listen_sock = IO::Socket::INET->new(
 			Listen    => 2,
+			ReuseAddr => 1,
 			LocalAddr => "127.0.0.1",
 			LocalPort => $listen,
 			Proto     => "tcp"
@@ -1606,6 +1877,23 @@ sub do_vencrypt_viewer_bridge {
 	if (! $viewer_sock) {
 		die "pproxy: vencrypt_viewer_bridge[$$]: $err\n";
 	}
+	if ($ENV{PPROXY_LOOP_THYSELF_MASTER}) {
+		my $sml = $ENV{SSVNC_MULTIPLE_LISTEN}; 
+		if ($sml ne "" && $sml ne "0") {
+			setpgrp(0, 0);
+			if (fork()) {
+				close $viewer_sock;
+				wait;
+				exit 0;
+			}
+			if (fork()) {
+				close $viewer_sock;
+				exit 0;
+			}
+			setpgrp(0, 0);
+			$parent = $$;
+		}
+	}
 	print STDERR "vencrypt_viewer_bridge[$$]: viewer_sock $viewer_sock\n" if $db;
 
 	print STDERR "pproxy: vencrypt_viewer_bridge[$$]: connecting to 127.0.0.1:$connect\n";
@@ -2055,13 +2343,18 @@ NHAFL_warning() {
 	echo "** Warning: you to manually remove a key from ~/.ssh/known_hosts.)"
 	echo "** Warning: "
 	echo "** Warning: This decreases security: a Man-In-The-Middle attack is possible."
+	echo "** Warning: For chained ssh connections the first ssh leg is secure but the"
+	echo "** Warning: 2nd ssh leg is vulnerable.  For an ssh connection going through"
+	echo "** Warning: a HTTP or SOCKS proxy the ssh connection is vulnerable."
+	echo "** Warning: "
 	echo "** Warning: You can set the SSVNC_SSH_LOCALHOST_AUTH=1 env. var. to disable" 
-	echo "** Warning: using the NoHostAuthenticationForLocalhost ssh option." 
+	echo "** Warning: using the NoHostAuthenticationForLocalhost=yes ssh option." 
 	echo "** Warning: "
 	echo "** Warning: A better solution is to configure (in the SSVNC GUI) the setting:"
 	echo "** Warning: 'Options -> Advanced -> Private SSH KnownHosts file' (or set" 
 	echo "** Warning: SSVNC_KNOWN_HOSTS_FILE directly) to a per-connection known hosts" 
-	echo "** Warning: file.  This yields a both secure and convenient solution." 
+	echo "** Warning: file.  That file holds the 'localhost' cert for this specific" 
+	echo "** Warning: connection.  This yields a both secure and convenient solution." 
 	echo "" 
 }
 
@@ -2243,6 +2536,7 @@ if [ "X$use_ssh" = "X1" ]; then
 
 		nd=`findfree 6600`
 		PPROXY_LISTEN=$nd; export PPROXY_LISTEN
+		# XXX no reverse forever PPROXY_LOOP_THYSELF ...
 		$ptmp &
 		sleep 1
 		if [ "X$ssh_NHAFL" != "X" -a "X$did_ssh_NHAFL" != "X1" ]; then
@@ -2633,6 +2927,16 @@ if [ "X$crl" != "X" ]; then
 	fi
 fi
 
+if [ "X$showcert" = "X1" ]; then
+	if [ "X$ipv6" = "X1" -a "X$proxy" = "X" ]; then
+		proxy="ipv6://$host:$port"
+	fi
+fi
+
+if [ "X$direct_connect" != "X" -a "X$STUNNEL_LISTEN" != "X" ]; then
+	proxy=reverse_direct
+fi
+
 ptmp=""
 if [ "X$proxy" != "X" ]; then
 	ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
@@ -2841,9 +3145,22 @@ if [ "X$direct_connect" != "X" ]; then
 			PPROXY_LISTEN=$use
 			export PPROXY_LISTEN
 		else
-			PPROXY_REVERSE="$localhost:$use"
-			export PPROXY_REVERSE
-			pps=3
+			if [ "X$proxy" = "Xreverse_direct" ]; then
+				PPROXY_LISTEN="$STUNNEL_LISTEN:`expr 5500 + $disp`"
+				PPROXY_DEST="$localhost:$use"
+				PPROXY_PROXY="ipv6://$localhost:$use"	# not always ipv6..
+				export PPROXY_LISTEN PPROXY_DEST PPROXY_PROXY
+				pps=1
+			else
+				PPROXY_REVERSE="$localhost:$use"
+				export PPROXY_LISTEN
+				pps=3
+			fi
+			if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
+				PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself.${RANDOM}.$$"`
+				export PPROXY_LOOP_THYSELF
+				pps=2
+			fi
 			if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
 				pps=`expr $pps + $SSVNC_EXTRA_SLEEP`
 			fi
@@ -2904,10 +3221,13 @@ if [ "X$direct_connect" != "X" ]; then
 		echo ""
 		trap "final" 0 2 15
 		if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
-			echo "NOTE: The ultravnc_dsm_helper only runs once.  So after the first LISTEN"
-			echo "      ends, you may have to Press Ctrl-C and restart for another connection."
-			echo ""
-			SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
+			if [ "X$SSVNC_LISTEN_ONCE" = "X1" ]; then
+				echo "NOTE: The ultravnc_dsm_helper only runs once.  So after the first LISTEN"
+				echo "      ends you must restart the Listening mode.  You may also need to"
+				echo "      Press Ctrl-C to stop the viewer and restart for another connection."
+				echo ""
+			fi
+			#SSVNC_LISTEN_ONCE=1; export SSVNC_LISTEN_ONCE
 			VNCVIEWER_LISTEN_LOCALHOST=1
 			export VNCVIEWER_LISTEN_LOCALHOST
 			dport=`expr 5500 + $disp`
@@ -2917,8 +3237,13 @@ if [ "X$direct_connect" != "X" ]; then
 			echo
 			echo "$ustr &"
 			echo
-			$cmd &
-			dsm_pid=$!
+			if [ "X$SSVNC_LISTEN_ONCE" = "X1" ]; then
+				$cmd &
+				dsm_pid=$!
+			else
+				while [ 1 ]; do $cmd; sleep 1; done &
+				dsm_pid=$!
+			fi
 			sleep 2
 			disp=$use
 			if [ $disp -ge 5500 ]; then
@@ -2935,6 +3260,9 @@ if [ "X$direct_connect" != "X" ]; then
 		echo "$VNCVIEWERCMD" "$@" -listen $disp2
 		echo ""
 		$VNCVIEWERCMD "$@" -listen $disp2
+		if [ "X$PPROXY_LOOP_THYSELF" != "X" ]; then
+			rm -f $PPROXY_LOOP_THYSELF
+		fi
 	fi
 	exit $?
 fi
@@ -2998,6 +3326,8 @@ else
 	hloc=""
 	if [ "X$use_ssh" = "X1" ]; then
 		hloc="$localhost:"
+	elif [ "X$STUNNEL_LISTEN" != "X" ]; then
+		hloc="$STUNNEL_LISTEN:"
 	fi
 	if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
 		hloc="$localhost:"
@@ -3127,7 +3457,12 @@ else
 		if echo "$proxy" | grep -i '^vencrypt:' > /dev/null; then
 			pstunnel=`echo "$proxy" | awk -F: '{print $2}'`
 			plisten=`echo "$proxy" | awk -F: '{print $3}'`
-			PPROXY_LISTEN="INADDR_ANY:$plisten"; export PPROXY_LISTEN
+			IF=INADDR_ANY
+			if [ "X$STUNNEL_LISTEN" != "X" ]; then
+				IF=$STUNNEL_LISTEN
+			fi
+			PPROXY_VENCRYPT_REVERSE=1; export PPROXY_VENCRYPT_REVERSE
+			PPROXY_LISTEN="$IF:$plisten"; export PPROXY_LISTEN
 			PPROXY_PROXY="vencrypt://$localhost:$pstunnel"; export PPROXY_PROXY
 			PPROXY_DEST="$localhost:$pstunnel"; export PPROXY_DEST
 			STUNNEL_ONCE=1; export STUNNEL_ONCE
@@ -3140,6 +3475,11 @@ else
 				if [ $N2_trim -le 200 ]; then
 					N2_trim=`expr $N2_trim + 5500`
 				fi
+				if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
+					PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself1.${RANDOM}.$$"`
+					export PPROXY_LOOP_THYSELF
+					PPROXY_LOOP_THYSELF0=$PPROXY_LOOP_THYSELF
+				fi
 				env PPROXY_REMOVE=0 PPROXY_SLEEP=0 PPROXY_VENCRYPT_VIEWER_BRIDGE="-$port1,$port2" $ptmp &
 				sleep 1
 			fi
@@ -3148,6 +3488,10 @@ else
 			PPROXY_SLEEP=1; export PPROXY_SLEEP;
 		fi
 		PPROXY_KILLPID=+1; export PPROXY_KILLPID;
+		if [ "X$SSVNC_LISTEN_ONCE" != "X1" ]; then
+			PPROXY_LOOP_THYSELF=`mytmp "/tmp/pproxy_loop_thyself2.${RANDOM}.$$"`
+			export PPROXY_LOOP_THYSELF
+		fi
 		$ptmp &
 		# Important to have no extra pids generated between here and VNCVIEWERCMD
 	fi
@@ -3157,6 +3501,13 @@ else
 	echo "$VNCVIEWERCMD" "$@" -listen $N2
 	echo ""
 	$VNCVIEWERCMD "$@" -listen $N2
+
+	if [ "X$PPROXY_LOOP_THYSELF" != "X" ]; then
+		rm -f $PPROXY_LOOP_THYSELF
+	fi
+	if [ "X$PPROXY_LOOP_THYSELF0" != "X" ]; then
+		rm -f $PPROXY_LOOP_THYSELF0
+	fi
 fi
 
 sleep 1
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
index 3e63ba5..21f3d9f 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
@@ -3,12 +3,12 @@
 exec wish "$0" "$@"
 
 #
-# Copyright (c) 2006-2009 by Karl J. Runge <runge@karlrunge.com>
+# Copyright (c) 2006-2010 by Karl J. Runge <runge@karlrunge.com>
 #
 # ssvnc.tcl: gui wrapper to the programs in this
 # package. Also sets up service port forwarding.
 #
-set version 1.0.25
+set version 1.0.27
 
 set buck_zero $argv0
 
@@ -249,15 +249,21 @@ proc ts_help {} {
     Use username@host (e.g. joe@ts-server or jsmith@ssh.company.com)
     if the user name differs between machines.
 
-    To use a non-standard ssh port (i.e. a port other than 22) in
-    Proxy/Gateways use something like this for port 2222:
+    NOTE: On Windows you MUST always supply the username@ because putty's
+    plink requires it.
 
+
+    NON-STANDARD SSH PORT: To use a non-standard ssh port (i.e. a port other
+    than 22) you need to use the Proxy/Gateways as well.  E.g. something
+    like this for port 2222:
+    
            VNC Terminal Server:  ts-server
            Proxy/Gateway:        jsmith@ssh.company.com:2222
 
     On Unix/MacOSX the username@ is not needed if it is the same as on this
     machine.
 
+
     A Web or SOCKS proxy can also be used.  Use this if you are inside a
     firewall that prohibits direct connections to remote SSH servers.
     In Terminal Services SSH mode, the "http://" prefix is required for
@@ -413,8 +419,9 @@ proc help {} {
 
     * Automatic SSH Tunnels are described below.
 
-    * The 'No Encryption' option provides a direct connection w/o encryption.
-      (disable by the -enc option, or Options menu.)  More info in Tip 3).
+    * The 'No Encryption' / 'None' option provides a direct connection without
+      encryption (disable the button with the -enc option, or Options menu.)
+      More info in Tip 5.
 
  Port numbers:
 
@@ -428,9 +435,12 @@ proc help {} {
     If you must use a TCP port less than 200, specify a negative value,
     e.g.:  24.67.132.27:-80
  
-    For Reverse VNC connections (listening viewer, See Tip 6 and
+    For Reverse VNC connections (listening viewer, See Tip 2 and
     Options -> Help), the port mapping is similar, except "listening
     display :0" corresponds to port 5500, :1 to 5501, etc.
+    Specify a specific interface, e.g. 192.168.1.1:0 to have stunnel
+    only listen on that interface.  IPv6 also works, e.g. :::0 or ::1:0
+    This also works for UN-encrypted reverse connections as well ('None').
 
 
  Zeroconf/Bonjour:
@@ -480,7 +490,7 @@ proc help {} {
         ssvnc vnc+ssl://hostname:0  (same)
         ssvnc vnc+ssh://hostname:0  (connect to hostname VNC disp 0 via SSH)
 
-    see the Tips 3 and 9 for more about the URL-like syntax.
+    see the Tips 5 and 7 for more about the URL-like syntax.
 
 
  SSL Certificate Verification:
@@ -667,7 +677,7 @@ proc help {} {
 
     To connect to a non-standard SSH port, see SSH Proxies/Gateways section.
 
-    See Tip 13) for how to make this application be SSH-only with the -ssh
+    See Tip 8) for how to make this application be SSH-only with the -ssh
     command line option or "sshvnc".
 
 
@@ -688,7 +698,7 @@ proc help {} {
          VNC Host:Display       username@somehost.com:2
          Remote SSH Command:    x11vnc -find -rfbport 5902 -nopw
 
-    See the Tip 11) for using x11vnc PORT=NNNN feature (or vncserver(1)
+    See the Tip 18) for using x11vnc PORT=NNNN feature (or vncserver(1)
     output) to not need to specify the VNC display number or the x11vnc
     -rfbport option.
 
@@ -764,7 +774,7 @@ proc help {} {
     See also these links for more information:
 
         http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext
-        http://www.stunnel.org
+        http://stunnel.mirt.net
         http://www.tightvnc.com
 }
 
@@ -803,7 +813,7 @@ proc help {} {
     By 'do not trust' we mean they might try to gain access to remote
     machines you connect to via SSVNC.  Note that an untrusted local
     user can often obtain root access in a short amount of time; if a
-    user has acheived that, then all bets are off for ANYTHING that you
+    user has achieved that, then all bets are off for ANYTHING that you
     do on the workstation.  It is best to get rid of Untrusted Local
     Users as soon as possible.
 
@@ -819,7 +829,7 @@ proc help {} {
     If the untrusted local user tries to connect to these ports, he may
     succeed by varying degrees to gain access to the remote machine.
     We now list some safeguards one can put in place to try to make this
-    more difficult to acheive.
+    more difficult to achieve.
 
     It probably pays to have the VNC server require a password, even
     though there has already been SSL or SSH authentication (via
@@ -886,7 +896,7 @@ proc help {} {
 
 	set help_prox {
  Here are a number of long sections on all sorts of proxies, Web, SOCKS,
- ssh, UltraVNC, Single Click, etc., etc.
+ SSH tunnels/gateways, UltraVNC, Single Click, etc., etc.
 
 
  Proxies/Gateways:
@@ -917,18 +927,22 @@ proc help {} {
            Proxy/Gateway:      socks://mysocks.west:1080
 
     Use socks5:// to force the SOCKS5 proxy protocol (e.g. for ssh -D).
-    You can prefix web proxies with http:// but it doesn't matter since
-    that is the default (note that in SSH or SSH+SSL mode you MUST supply
-    the http:// prefix for web proxies; see the next section.)
+
+    You can prefix web proxies with http:// in SSL mode but it doesn't matter
+    since that is the default for a proxy.  (NOTE that in SSH or SSH+SSL
+    mode you MUST supply the http:// prefix for web proxies because in those
+    modes an SSH tunnel is the default proxy type: see the next section.)
 
     Note that Web proxies are often configured to ONLY allow outgoing
     connections to ports 443 (HTTPS) and 563 (SNEWS), so you might
     have run the VNC server (or router port redirector) on those ports.
     SOCKS proxies usually have no restrictions on port number.
 
-    You can chain up to 3 proxies (any combination of http:// and
+    You can chain up to 3 proxies (any combination of web (http://) and
     socks://) by separating them with commas (i.e. first,second,third).
 
+    Proxies also work for un-encrypted connections ("None" or vnc://, Tip 5)
+
     See the ss_vncviewer description and x11vnc FAQ for info on proxies:
 
         http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer
@@ -942,8 +956,8 @@ proc help {} {
     VNC server.  However, Web and SOCKS proxies can also be used (see below).
 
     For example if a company had a central login server: "ssh.company.com"
-    (accessible from the internet) and the internal workstation name was
-    "joes-pc", one could put this in:
+    (accessible from the internet) and the internal workstation with VNC was
+    named "joes-pc", then to create an SSH tunnel one could put this in:
 
            VNC Host:Display:   joes-pc:0
            Proxy/Gateway:      ssh.company.com
@@ -951,7 +965,8 @@ proc help {} {
     It is OK if the hostname "joes-pc" only resolves inside the firewall.
 
     The 2nd leg, from ssh.company.com -> joes-pc is done by a ssh -L
-    redir and is not encrypted (but viewer -> ssh.company.com is encrypted). 
+    redir and is not encrypted (but the viewer -> ssh.company.com 1st leg is
+    an encrypted tunnel). 
 
     To SSH encrypt BOTH legs, try the "double SSH gateway" method using
     the "comma" notation:
@@ -959,24 +974,28 @@ proc help {} {
            VNC Host:Display:   localhost:0
            Proxy/Gateway:      ssh.company.com,joes-pc
 
-    this requires an SSH server running on joes-pc.  So an initial SSH
+    this requires an SSH server also running on joes-pc.  So an initial SSH
     login is done to ssh.company.com, then a 2nd SSH is performed (through
     port a redirection of the first) to login straight to joes-pc where
     the VNC server is running.
 
     Use username@host (e.g. joe@joes-pc  jsmith@ssh.company.com) if the
-    user names differ between the various machines.  On Windows you MUST
-    supply the usernames.
+    user names differ between the various machines.  
 
-    To use a non-standard ssh port (i.e. a port other than 22) you need to
-    use the Proxy/Gateways as well.  E.g. something like this for port 2222:
+    NOTE: On Windows you MUST always supply the username@ because putty's
+    plink requires it.
+
+
+    NON-STANDARD SSH PORT: To use a non-standard ssh port (i.e. a port other
+    than 22) you need to use the Proxy/Gateways as well.  E.g. something
+    like this for port 2222:
 
            VNC Host:Display:   localhost:0
            Proxy/Gateway:      joe@far-away.east:2222
 
-    The username@ is not needed if it is the same as on the client.  This
-    will also work going to a different internal machine, e.g. "joes-pc:0"
-    instead of "localhost:0", as in the first example.
+    On Unix/MacOSX the username@ is not needed if it is the same as on
+    the client.  This will also work going to a different internal machine,
+    e.g. "joes-pc:0" instead of "localhost:0", as in the first example.
 
 
     A Web or SOCKS proxy can also be used with SSH.  Use this if you are
@@ -990,12 +1009,14 @@ proc help {} {
            VNC Host:Display:   joe@far-away.east:0
            Proxy/Gateway:      socks://mysocks.west:1080
 
-    use socks5://... to force the SOCKS5 version.  Note that the http://
-    prefix is required for web proxies in SSH or SSH+SSL modes (but it is
-    the default in SSL mode.)
+    Use socks5://... to force the SOCKS5 version.  Note that the http://
+    prefix is REQUIRED for web proxies in SSH or SSH+SSL modes (but it is
+    the default proxy type in SSL mode.)
 
-    You can chain up to 3 proxies (any combination of http:// and
-    socks://) by separating them with commas (i.e. first,second,third).
+    You can chain up to 3 proxies (any combination of http://, socks://
+    and ssh) by separating them with commas (i.e. first,second,third).
+
+    Note: the Web and/or SOCKS proxies must come before any SSH gateways.
 
     For a non-standard SSH port and a Web or SOCKS proxy try:
 
@@ -1006,15 +1027,15 @@ proc help {} {
     above works with an initial Web or SOCKS proxy, e.g.:
 
            VNC Host:Display:   localhost:0
-           Proxy/Gateway:      http://mysocks.west:1080,ssh.company.com,joes-pc
+           Proxy/Gateway:      socks://mysocks.west:1080,ssh.company.com,joes-pc
 
 
 
-    SSH NoHostAuthenticationForLocalhost=yes and UserKnownHostsFile=file
-    for localhost tunnelling:
+    Some Notes on SSH localhost tunnelling with SSH options
+      NoHostAuthenticationForLocalhost=yes and UserKnownHostsFile=file:
 
-    Warning:  Note that for proxy use with ssh(1) tunnels going through
-    localhost are used.  This means ssh(1) thinks the remote hostname is
+    Warning:  Note that for proxy use with ssh(1), tunnels going through
+    'localhost' are used.  This means ssh(1) thinks the remote hostname is
     'localhost', which may cause collisions and confusion when storing
     and checking SSH keys.
 
@@ -1026,7 +1047,7 @@ proc help {} {
     the NoHostAuthenticationForLocalhost option is used.
 
     On Unix to disable the use of NoHostAuthenticationForLocalhost set the env.
-    variable SSVNC_SSH_LOCALHOST_AUTH=1.
+    variable SSVNC_SSH_LOCALHOST_AUTH=1. This may induce extra ssh(1) dialogs.
 
     On Unix a MUCH SAFER and more convenient way to proceed is to set the
     known hosts option in Options -> Advanced -> 'Private SSH KnownHosts file'
@@ -1063,10 +1084,10 @@ proc help {} {
 
     Note: it seems only SSL SSVNC connections make sense with the
     UltraVNC repeater.  SSH connections (previous section) do not seem to
-    and so are not enabled to (let us know if you find a way to use it).
+    and so are not enabled to (let us know if you find a way to use it.)
 
     Unencrypted (aka Direct) SSVNC VNC connections (Vnc:// prefix in
-    'VNC Host:Display'; see Tip 3) also work with the UltraVNC repeater.
+    'VNC Host:Display'; see Tip 5) also work with the UltraVNC repeater.
 
     For the mode I repeater the viewer initiates the connection and
     passes a string that is the VNC server's IP address (or hostname)
@@ -1084,12 +1105,12 @@ proc help {} {
     The Proxy/Gateway format is repeater://proxy:port+vncserver:display.
     The string after the "+" sign is passed to the repeater server for
     it to interpret (and so does not have to be the UltraVNC repeater;
-    you could create your own if you wanted to). For this example,
+    you could create your own if you wanted to.)  For this example,
     instead of joes-pc:1 it could be joes-pc:5901 or 192.168.1.4:1,
     192.168.1.4:5901, etc.
 
     If you do not supply a proxy port, then the default 5900 is assumed,
-    e.g.  repeater://myuvncrep.west+joes-pc:1
+    e.g. use repeater://myuvncrep.west+joes-pc:1 for port 5901.
 
 
     For the mode II repeater both the VNC viewer and VNC server initiate
@@ -1118,7 +1139,7 @@ proc help {} {
     connection in this situation.
 
     Note that for unencrypted (i.e. direct) SSVNC connections (see vnc://
-    in Tip 3) there is no need to use a reverse "Listening connection"
+    in Tip 5) there is no need to use a reverse "Listening connection"
     and so you might as well use a forward connection.
 
     For mode II when tunnelling via SSL, you probably should also disable
@@ -1128,9 +1149,9 @@ proc help {} {
     is no way to do the initial "Fetch Cert" and check if it has been
     previously accepted.
 
-    Even when you disable "Verify All Certs", you are free to set a
-    ServerCert or CertsDir under "Certs ..." to authenticate the VNC
-    Server against.
+    Even when you disable "Verify All Certs", you are of course free to
+    set a ServerCert or CertsDir under "Certs ..." to authenticate the
+    VNC Server against.
 
     Also, after the connection you MUST terminate the listening VNC Viewer
     (Ctrl-C) and connect again (the proxy only runs once.)  In Windows,
@@ -1170,7 +1191,7 @@ proc help {} {
     The SC EXE is a VNC *server* that starts up a Reverse VNC connection
     to a Listening Viewer (e.g. the viewer address/port/ID is hardwired
     into the SC EXE).  So SC is not really a proxy, but it can be used
-    with UltraVNC repeater proxies and we include it here.
+    with UltraVNC repeater proxies and so we describe it here.
 
     One important point for SC III binary creation: do NOT include 
     "-id N" in the helpdesk.txt config file.  This is because the with
@@ -1190,7 +1211,7 @@ proc help {} {
     mode and the SSL encrypted "SC III" mode.  For both cases SSVNC
     must be run in Listening mode (Options -> Reverse VNC Connection)
 
-    For SC I, enable Reverse VNC Connection and put Vnc://0 (see Tip 3
+    For SC I, enable Reverse VNC Connection and put Vnc://0 (see Tip 5
     below) in the VNC Host:Display to disable encryption (use a different
     number if you are not using the default listening port 5500).
     Then click on the "Listen" button and finally have the user run your
@@ -1242,46 +1263,211 @@ proc help {} {
     SSVNC vncviewer.  The modified viewer is needed; stock VNC viewers
     will not work.  Also, proxy chaining (bouncing off of more than one
     proxy) currently does not work.
+
+
+ VeNCrypt is treated as a proxy:
+
+    SSVNC supports the VeNCrypt VNC security type.  You will find out more
+    about this security type in the other parts of the Help documentation.
+    In short, it does a bit of plain-text VNC protocol negotiation before
+    switching to SSL/TLS encryption and authentication.
+
+    SSVNC implements its VeNCrypt support as final proxy in a chain
+    of proxies.  You don't need to know this or specify anything, but
+    it is good to know since it uses up one of the 3 proxies you are
+    allowed to chain together.  If you watch the command output you will
+    see the vencrypt:// proxy item.
+
+    You can specify that a VNC server uses VeNCrypt (Options -> Advanced)
+    or you can let SSVNC try to autodetect VeNCrypt.
+
+
+ IPv6 can be treated as a proxy for UN-ENCRYPTED connections:
+
+    Read Tip 20 about SSVNC's IPv6 (128 bit IP addresses) support.
+    In short, because stunnel and ssh support IPv6 hostnames and
+    addresses, SSVNC does too without you needing to do anything.
+
+    However, in some usages modes you will need to specify the IPv6
+    server destination in the Proxy/Gateway entry box.  The only case
+    this appears to be needed is when making an un-encrypted connection
+    to an IPv6 VNC server.  In this case neither stunnel nor ssh are
+    used and you need to specify something like this:
+
+              VNC Host:Display:       localhost:0
+              Proxy/Gateway:          ipv6://2001:4860:b009::68:5900
+
+    and then select 'None' as the encryption type.  Note that the above
+    'localhost:0' setting can be anything; it is basically ignored.
+
+    Note that on Unix, MacOSX, and Windows un-encrypted ipv6 connections
+    are AUTODETECTED and so you likely never need to supply ipv6://
+    Only try it if there are problems.  Also note that the ipv6://
+    proxy type does not work on Windows, so only the autodetection is
+    available there.
+
+    Note that if there is some other proxy, e.g. SOCKS or HTTP and that
+    proxy server is an IPv6 host (or will connect you to one) then any
+    sort of connection through that proxy will work OK: un-encrypted as
+    well as SSL or SSH connections, etc.
+
+    Unencrypted connection is the only special case where you may need
+    to specify an ipv6:// proxy.  If you find another use let us know.
+
+    See Tip 20 for more info.
 }
 
 	set help_tips {
  Tips and Tricks:
 
-     1) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N
-        on the GUI.  If only the xterm window is visible you can press
-        Ctrl-N or try Ctrl-LeftButton -> New SSVNC_GUI.  On Windows you
-        will have to manually Start a new one: Start -> Run ..., etc.
+     Table of Contents:
+
+      1) Connect to Non-Standard SSH port.
+      2) Reverse VNC connections (Listening)
+      3) Global options in ~/.ssvncrc
+      4) Fonts
+      5) vnc://host for un-encrypted connection
+      6) Home directory for memory stick usage, etc.
+      7) vncs:// vncssl:// vnc+ssl:// vnc+ssh:// URL-like prefixes
+      8) sshvnc / -ssh SSH only GUI
+      9) tsvnc / -ts Terminal services only GUI (SSH+x11vnc)
+     10) 2nd GUI window on Unix/MacOSX
+     11) Ctrl-L or Button3 to Load profile
+     12) SHELL command or Ctrl-S for SSH terminal w/o VNC
+     13) KNOCK command for port-knock sequence
+     14) Unix/MacOSX general SSL redirector (not just VNC)
+     15) Environment variables
+     16) Bigger "Open File" dialog window
+     17) Unix/MacOSX extra debugging output
+     18) Dynamic VNC Server Port determination with SSH
+     19) No -t ssh cmdline option for older sshd
+     20) IPv6 support.
+
+     1) To connect in SSH-Mode to a server running SSH on a non-standard
+        port (22 is the standard port) you need to use the Proxy/Gateway
+        setting.  The following is from the Proxies Help panel:
+
+        NON-STANDARD SSH PORT: To use a non-standard ssh port (i.e. a port other
+        than 22) you need to use the Proxy/Gateways as well.  E.g. something
+        like this for port 2222: 
+    
+               VNC Host:Display:   localhost:0
+               Proxy/Gateway:      joe@far-away.east:2222
+    
+        The username@ is not needed if it is the same as on the client.  This
+        will also work going to a different internal machine, e.g. "joes-pc:0"
+        instead of "localhost:0", as in the first example.
+    
+     2) Reverse VNC connections (Listening) are possible as well.
+        In this case the VNC Server initiates the connection to your
+        waiting (i.e. listening) SSVNC viewer.
 
-     2) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right
-        mouse button on the main GUI will invoke the Load dialog.
+        Go to Options and select "Reverse VNC connection".  In the 'VNC
+        Host:Display' entry box put in the number (e.g. "0" or ":0", or
+        ":1", etc) that corresponds to the Listening display (0 -> port
+        5500, 1 -> port 5501, etc.) you want to use.  Then clicking on
+        'Listen' puts your SSVNC viewer in a "listening" state on that
+        port number, waiting for a connection from the VNC Server.
 
-        Pressing Ctrl-O on the main GUI will bring up the Options Panel.
-        Pressing Ctrl-A on the main GUI will bring up the Advanced Options.
+        On Windows or using a 3rd party VNC Viewer multiple, simultaneous
+        reverse connections are always enabled.  On Unix/MacOSX with the
+        provided ssvncviewer they are disabled by default.  To enable them:
+        Options -> Advanced -> Unix ssvncviewer -> Multiple LISTEN Connections
+
+        Specify a specific interface, e.g. 192.168.1.1:0 to have stunnel
+        only listen on that interface.  IPv6 works too, e.g. :::0 or ::1:0
+        This also works for UN-encrypted reverse connections as well ('None').
+
+        See the Options Help for more info.
+
+     3) You can put global options in your ~/.ssvncrc file (ssvnc_rc on
+        Windows). Currently they are:
+
+	Put "mode=tsvnc" or "mode=sshvnc" in the ~/.ssvncrc file to have
+	the application start up in the given mode.
+
+        desktop_type=wmaker    (e.g.) to switch the default Desktop Type.
+
+        desktop_size=1280x1024 (e.g.) to switch the default Desktop Size.
+
+        desktop_depth=24       (e.g.) to switch the default Desktop Color Depth
+
+        xserver_type=Xdummy    (e.g.) to switch the default X Server Type.
+
+        (The above 4 settings apply only to the Terminal Services Mode.)
+
+        noenc=1  (same as the -noenc option for a 'No Encryption' option)
+        noenc=0  (do not show the 'No Encryption' option)
+
+        killstunnel=1 (same as -killstunnel), on Windows automatically kills
+        the STUNNEL process when the viewer exits.  Disable via killstunnel=0
+        and -nokillstunnel.
+
+        ipv6=0   act as though IPv6 was not detected.
+        ipv6=1   act as though IPv6 was detected.
+
+        cotvnc=1 have the default vncviewer on Mac OS X be the Chicken of
+        the VNC.  By default the included ssvnc X11 vncviewer is used
+        (requires Mac OS X X11 server to be running.)
+
+        mycert=file (same as -mycert file option).  Set your default MyCert
+        to "file".  If file does not exist ~/.vnc/certs/file is used.
+
+        cacert=file (same as -cacert file option).  Set your default ServerCert
+        to "file".  If file does not exist ~/.vnc/certs/file is used.  If
+        file is "CA" then ~/.vnc/certs/CA/cacert.pem is used.
+
+        crl=file (same as -crl file option).  Set your default CRL File
+        to "file".  If file does not exist ~/.vnc/certs/file is used.
+
+        Prefix any of these cert/key files with "FORCE:" to make them
+        immutable, e.g.  "cacert=FORCE:CA".
+
+        You can set any environment variable in ~/.ssvncrc by using a line
+        like env=VAR=value, for example:  env=SSVNC_FINISH_SLEEP=2
+
+        To change the fonts (see Tip 4 below for examples):
+
+        font_default=tk-font-name     (sets the font for menus and buttons)
+        font_fixed=tk-font-name       (sets the font for help text)
+
+     4) Fonts: To change the tk fonts, set these environment variables
+        before starting up ssvnc: SSVNC_FONT_DEFAULT and SSVNC_FONT_FIXED.
+        For example:
+
+            % env SSVNC_FONT_DEFAULT='helvetica -20 bold' ssvnc
+            % env SSVNC_FONT_FIXED='courier -14' ssvnc
+
+        or set both of them at once.  You can also set 'font_default' and
+        'font_fixed' in your ~/.ssvncrc.  E.g.:
 
-     3) If you want to make a Direct VNC connection, WITH *NO* SSL OR
-        SSH ENCRYPTION, use the "vnc://" prefix in the VNC Host:Display
-        entry box, e.g. "vnc://far-away.east:0"  This also works for
-        reverse connections, e.g. vnc://0
+        font_default=helvetica -16 bold
+        font_fixed=courier -12
+
+     5) If you want to make a Direct VNC connection, WITH *NO* SSL OR
+        SSH ENCRYPTION or authentication, use the "vnc://" prefix in the
+        VNC Host:Display entry box, e.g. "vnc://far-away.east:0"  This
+        also works for reverse connections, e.g. vnc://0
 
         Use Vnc:// (i.e. capital 'V') to avoid being prompted if you are
         sure you want no encryption.  For example, "Vnc://far-away.east:0"
-
         Shift+Ctrl-E in the entry box is a short-cut to add or remove
         the prefix "Vnc://" from the host:disp string.
 
-        Note as of SSVNC 1.0.25 the '-noenc' mode is now the default. I.e.
-        the 'No Encryption' option ('None') is shown by default. To disable
-        the button supply the '-enc' cmdline option.  
-
-        You can also run ssvnc with the '-noenc' cmdline option (now the
-        default) to have a check option that lets you turn off Encryption
-        (and profiles will store this setting).  Pressing Ctrl-E on
-        the main panel is a short-cut to toggle between the -noenc
-        'No Encryption' mode and normal mode.  The option "Show 'No
-        Encryption' Option" under Options also toggles it.
+        You can also run ssvnc with the '-noenc' cmdline option (now
+        the default) to have a check option 'None' that lets you turn off
+        Encryption (and profiles will store this setting).  Pressing Ctrl-E
+        on the main panel is a short-cut to toggle between the -noenc 'No
+        Encryption' mode and normal mode.  The option "Show 'No Encryption'
+        Option" under Options also toggles it.
 
         The '-enc' option disables the button (and so makes it less obvious
-        how do disable encryption.)
+        to naive users how to disable encryption.)
+
+        Note as of SSVNC 1.0.25 the '-noenc' mode is now the default. I.e.
+        the 'No Encryption' option ('None') is shown by default.  When
+        you select 'None' you do not need to supply the "vnc://" prefix.
+        To disable the button supply the '-enc' cmdline option.
 
         Setting SSVNC_DISABLE_ENCRYPTION_BUTTON=1 in your environment is
         the same as -noenc.  You can also put noenc=1 in your ~/.ssvncrc file.
@@ -1294,23 +1480,23 @@ proc help {} {
         password) over the network that can be sniffed.
 
         It is also possible (although difficult) for someone to hijack an
-        unencrypted VNC session.
+        existing unencrypted VNC session.
 
         Often SSVNC is used to connect to x11vnc where the Unix username and
         password is sent over the channel.  It would be a very bad idea to
-        let that data be sent over an unencrypted connection.  In general,
+        let that data be sent over an unencrypted connection!  In general,
         it is not wise to have a plaintext VNC connection.
 
         Note that even the VNC Password challenge-response method (the password
-        is not sent in plaintext) leaves your VNC password susceptible a
+        is not sent in plaintext) leaves your VNC password susceptible to a
         dictionary attack unless encryption is used to hide it.
 
-        So (before we made the button on by default!) we forced you to
-        learn about and supply the "vnc://" or "Vnc://" prefix to the
-        host:port or use -noenc or the "Show 'No Encryption' Option"
+        So (well, before we made the button visible by default!) we forced
+        you to learn about and supply the "vnc://" or "Vnc://" prefix to
+        the host:port or use -noenc or the "Show 'No Encryption' Option"
         to disable encryption.  This is a small hurdle, but maybe someone
-        will think twice.  It is a shame that VNC has been around for over
-        10 years and still does not have built-in strong encryption.
+        will think twice.  It is a shame that VNC has been around for
+        over 10 years and still does not have built-in strong encryption.
 
         Note the Vnc:// or vnc:// prefix will be stored in any profile that
         you save so you do not have to enter it every time.
@@ -1318,65 +1504,7 @@ proc help {} {
         Set the env var SSVNC_NO_ENC_WARN=1 to skip the warning prompts the
         same as the capitalized Vnc:// does.
 
-     4) If you use "SHELL" for the "Remote SSH Command" (or in the display
-        line: "user@hostname cmd=SHELL") then you get an SSH shell only:
-        no VNC viewer will be launched.  On Windows "PUTTY" will try
-        to use putty.exe (better terminal emulation than plink.exe).
-
-        A ShortCut for this is Ctrl-S with user@hostname in the entry box.
-
-     5) If you use "KNOCK" for the "Remote SSH Command" (or in the display
-        line "user@hostname cmd=KNOCK") then only the port-knocking is done.
-
-        A ShortCut for this is Ctrl-P with hostname the entry box.
-
-        If it is KNOCKF, i.e. an extra "F", then the port-knocking
-        "FINISH" sequence is sent, if any.  A ShortCut for this
-        Shift-Ctrl-P as long as hostname is present.
-
-     6) Reverse VNC connections (Listening) are possible as well.
-        In this case the VNC Server initiates the connection to your
-        waiting (i.e. listening) SSVNC viewer.
-
-        Go to Options and select "Reverse VNC connection".  In the 'VNC
-        Host:Display' entry box put in the number (e.g. "0" or ":0", or
-        ":1", etc) that corresponds to the Listening display (0 -> port
-        5500, 1 -> port 5501, etc.) you want to use.  Then clicking on
-        'Listen' puts your SSVNC viewer in a "listening" state on that
-        port number, waiting for a connection from the VNC Server.
-
-        See the Options Help for more info.
-
-     7) On Unix to have SSVNC act as a general STUNNEL redirector (i.e. no
-        VNC), put the desired host:port in VNC Host:Display (use a
-        negative port value if it is to be less than 200), then go to
-        Options -> Advanced -> Change VNC Viewer.  Change the "viewer"
-        command to be "xmessage OK" or "xmessage <port>" (or sleep) where
-        port is the desired local listening port.  Then click Connect.
-        If you didn't set the local port look for it in the terminal output.
-
-        On Windows set 'viewer' to "NOTEPAD" or similar; you can't
-        control the port though.  It is usually 5930, 5931, ... Watch
-        the messages or look at the stunnel log.
-
-     8) On Unix if you are going to an older SSH server (e.g. Solaris 10),
-        you will probably need to set the env. var. SS_VNCVIEWER_NO_T=1
-        to disable the ssh "-t" option being used (that can prevent the
-        command from being run).
-
-     9) In the VNC Host:Display entry you can also use these "URL-like"
-        prefixes:
-
-           vncs://host:0, vncssl://host:0, vnc+ssl://host:0  for SSL
-
-        and
-
-           vncssh://host:0, vnc+ssh://host:0                 for SSH
-
-        There is no need to toggle the SSL/SSH setting.  These also work
-        from the command line, e.g.:  ssvnc vnc+ssh://mymachine:10
-
-    10) Mobile USB memory stick / flash drive usage:  You can unpack
+     6) Mobile USB memory stick / flash drive usage:  You can unpack
         ssvnc to a flash drive for impromptu usage (e.g. from a friends
         computer). 
 
@@ -1400,70 +1528,19 @@ proc help {} {
          cd \ssvnc\Windows
          start \ssvnc\Windows\ssvnc.exe 
 
-    11) Dynamic VNC Server Port determination and redirection:  If you
-        are running SSVNC on Unix and are using SSH to start the remote
-        VNC server and the VNC server prints out the line "PORT=NNNN"
-        to indicate which dynamic port it is using (x11vnc does this),
-        then if you prefix the SSH command with "PORT=" SSVNC will watch
-        for the PORT=NNNN line and uses ssh's built in SOCKS proxy
-        (ssh -D ...) to connect to the dynamic VNC server port through
-        the SSH tunnel.  For example:
-
-                VNC Host:Display     user@somehost.com
-                Remote SSH Command:  PORT= x11vnc -find -nopw
-
-        or "PORT= x11vnc -display :0 -localhost", etc.  Or use "P= ..."
-
-        There is also code to detect the display of the regular Unix
-        vncserver(1).  It extracts the display (and hence port) from
-        the lines "New 'X' desktop is hostname:4" and also 
-        "VNC server is already running as :4".  So you can use
-        something like:
-
-                PORT= vncserver; sleep 15 
-        or:     PORT= vncserver :4; sleep 15 
-
-        the latter is preferred because when you reconnect with it will
-        find the already running one.  The former one will keep creating
-        new X sessions if called repeatedly.
-
-        On Windows if PORT= is supplied SOCKS proxying is not used, but
-        rather a high, random value of the VNC port is chosen (e.g. 8453)
-        and assumed to be free, and is passed to x11vnc's -rfbport option.
-        This only works with x11vnc (not vncserver).
-
-    12) Tricks with environment variables:
-
-        You can change the X DISPLAY variable by typing DISPLAY=... into
-        VNC Host:Display and hitting Return or clicking Connect. Same
-        for HOME=.  On Mac, you can set DYLD_LIBRARY_PATH=... too.
-        It should propagate down the viewer.
+     7) In the VNC Host:Display entry you can also use these "URL-like"
+        prefixes:
 
-        Setting SLEEP=n increases the amount of time waited before
-        starting the viewer.  The env. var. SSVNC_EXTRA_SLEEP also does
-        this (and also Sleep: Option setting) Setting FINISH=n sets the
-        amount of time slept before the Terminal window exits on Unix
-        and MacOS X.  (same as SSVNC_FINISH_SLEEP env. var.)
+           vncs://host:0, vncssl://host:0, vnc+ssl://host:0  for SSL
 
-        Full list of parameters HOME/SSVNC_HOME, DISPLAY/SSVNC_DISPLAY
-        DYLD_LIBRARY_PATH/SSVNC_DYLD_LIBRARY_PATH, SLEEP/SSVNC_EXTRA_SLEEP
-        FINISH/SSVNC_FINISH_SLEEP, DEBUG_NETSTAT, REPEATER_FORCE, SSH_ONLY.
-        (the ones joined by "/" are equivalent names, and the latter can
-        be set as an env. var. as well.)
+        and
 
-        After you set the parameter, clear out the 'VNC Host:Display'
-        entry and replace it with the actual host and display number.
+           vncssh://host:0, vnc+ssh://host:0                 for SSH
 
-        To replace the xterm terminal where most of the external commands
-        are run set SSVNC_XTERM_REPLACEMENT to a command that will run
-        a command in a terminal.  I.e.:  "$SSVNC_XTERM_REPLACEMENT cmd"
-        will run cmd.  If present, %GEOMETRY is expanded to a desired
-        +X+Y geometry.  If present, %TITLE is expanded to a desired title.
-        Examples: SSVNC_XTERM_REPLACEMENT='gnome-terminal -e'
-                  SSVNC_XTERM_REPLACEMENT='gnome-terminal -t "%TITLE" -e'
-                  SSVNC_XTERM_REPLACEMENT='konsole -e'
+        There is no need to toggle the SSL/SSH setting.  These also work
+        from the command line, e.g.:  ssvnc vnc+ssh://mymachine:10
 
-    13) If you want this application to be SSH only, then supply the
+     8) If you want this application to be SSH only, then supply the
         command line option "-ssh" or set the env. var SSVNC_SSH_ONLY=1.
 
         Then no GUI elements specific to SSL will appear (the
@@ -1477,7 +1554,7 @@ proc help {} {
         Or in your ~/.ssvncrc (or ~/ssvnc_rc on Windows) put "mode=sshvnc"
         to have the tool always start up in that mode.
 
-    14) For an even simpler "Terminal Services" mode use "tsvnc" or
+     9) For an even simpler "Terminal Services" mode use "tsvnc" or
         "tsvnc.bat" (or "-ts" option).  This mode automatically launches
         x11vnc on the remote side to find or create your Desktop session
         (usually the Xvfb X server).  So x11vnc must be available on the
@@ -1490,53 +1567,82 @@ proc help {} {
         Or in your ~/.ssvncrc (or ~/ssvnc_rc on Windows) put "mode=tsvnc"
         to have the tool always start up in that mode.
 
-    15) You can put global options in your ~/.ssvncrc file (ssvnc_rc on
-        Windows). Currently they are:
+    10) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N
+        on the GUI.  If only the xterm window is visible you can press
+        Ctrl-N or try Ctrl-LeftButton -> New SSVNC_GUI.  On Windows you
+        will have to manually Start a new one: Start -> Run ..., etc.
 
-	Put "mode=tsvnc" or "mode=sshvnc" in the ~/.ssvncrc file to have
-	the application start up in the given mode.
+    11) Pressing the "Load" button or pressing Ctrl-L or Clicking the Right
+        mouse button on the main GUI will invoke the Load dialog.
 
-        desktop_type=wmaker    (e.g.) to switch the default Desktop Type.
+        Pressing Ctrl-O on the main GUI will bring up the Options Panel.
+        Pressing Ctrl-A on the main GUI will bring up the Advanced Options.
 
-        desktop_size=1280x1024 (e.g.) to switch the default Desktop Size.
+    12) If you use "SHELL" for the "Remote SSH Command" (or in the display
+        line: "user@hostname cmd=SHELL") then you get an SSH shell only:
+        no VNC viewer will be launched.  On Windows "PUTTY" will try
+        to use putty.exe (better terminal emulation than plink.exe).
 
-        desktop_depth=24       (e.g.) to switch the default Desktop Color Depth
+        A ShortCut for this is Ctrl-S with user@hostname in the entry box.
 
-        xserver_type=Xdummy    (e.g.) to switch the default X Server Type.
+    13) If you use "KNOCK" for the "Remote SSH Command" (or in the display
+        line "user@hostname cmd=KNOCK") then only the port-knocking is done.
 
-        (The above 4 settings apply only to the Terminal Services Mode.)
+        A ShortCut for this is Ctrl-P with hostname the entry box.
 
-        noenc=1  (same as the -noenc option for a 'No Encryption' option)
-        noenc=0  (do not show the 'No Encryption' option)
+        If it is KNOCKF, i.e. an extra "F", then the port-knocking
+        "FINISH" sequence is sent, if any.  A ShortCut for this
+        Shift-Ctrl-P as long as hostname is present.
 
-        killstunnel=1 (same as -killstunnel), on Windows automatically kills
-        the STUNNEL process when the viewer exits.  Disable via killstunnel=0
-        and -nokillstunnel.
+    14) On Unix to have SSVNC act as a general STUNNEL redirector (i.e. no
+        VNC), put the desired host:port in VNC Host:Display (use a
+        negative port value if it is to be less than 200), then go to
+        Options -> Advanced -> Change VNC Viewer.  Change the "viewer"
+        command to be "xmessage OK" or "xmessage <port>" (or sleep) where
+        port is the desired local listening port.  Then click Connect.
+        If you didn't set the local port look for it in the terminal output.
 
-        cotvnc=1 have the default vncviewer on Mac OS X be the Chicken of
-        the VNC.  By default the included ssvnc X11 vncviewer is used
-        (requires Mac OS X X11 server to be running.)
+        On Windows set 'viewer' to "NOTEPAD" or similar; you can't
+        control the port though.  It is usually 5930, 5931, ... Watch
+        the messages or look at the stunnel log.
 
-        mycert=file (same as -mycert file option).  Set your default MyCert
-        to "file".  If file does not exist ~/.vnc/certs/file is used.
+    15) Tricks with environment variables:
 
-        cacert=file (same as -cacert file option).  Set your default ServerCert
-        to "file".  If file does not exist ~/.vnc/certs/file is used.  If
-        file is "CA" then ~/.vnc/certs/CA/cacert.pem is used.
+        You can change the X DISPLAY variable by typing DISPLAY=... into
+        VNC Host:Display and hitting Return or clicking Connect. Same
+        for HOME=.  On Mac, you can set DYLD_LIBRARY_PATH=... too.
+        It should propagate down the viewer.
 
-        crl=file (same as -crl file option).  Set your default CRL File
-        to "file".  If file does not exist ~/.vnc/certs/file is used.
+        Setting SLEEP=n increases the amount of time waited before
+        starting the viewer.  The env. var. SSVNC_EXTRA_SLEEP also does
+        this (and also Sleep: Option setting) Setting FINISH=n sets the
+        amount of time slept before the Terminal window exits on Unix
+        and MacOS X.  (same as SSVNC_FINISH_SLEEP env. var.)
 
-        Prefix any of these cert/key files with "FORCE:" to make them
-        immutable, e.g.  "cacert=FORCE:CA".
+        Full list of parameters HOME/SSVNC_HOME, DISPLAY/SSVNC_DISPLAY
+        DYLD_LIBRARY_PATH/SSVNC_DYLD_LIBRARY_PATH, SLEEP/SSVNC_EXTRA_SLEEP
+        FINISH/SSVNC_FINISH_SLEEP, DEBUG_NETSTAT, REPEATER_FORCE,
+        SSH_ONLY, TS_ONLY, NO_DELETE, BAT_SLEEP, IPV6/SSVNC_IPV6=0 or 1.
+        See below for more info.  (the ones joined by "/" are equivalent
+        names, and the latter can be set as an env. var. as well.)
 
-        You can set any environment variable in ~/.ssvncrc by using a line
-        like env=VAR=value, for example:  env=SSVNC_FINISH_SLEEP=2
+        After you set the parameter, clear out the 'VNC Host:Display'
+        entry and replace it with the actual host and display number.
 
-        To change the fonts (see Tip 18 below for examples):
+        To replace the xterm terminal where most of the external commands
+        are run set SSVNC_XTERM_REPLACEMENT to a command that will run
+        a command in a terminal.  I.e.:  "$SSVNC_XTERM_REPLACEMENT cmd"
+        will run cmd.  If present, %GEOMETRY is expanded to a desired
+        +X+Y geometry.  If present, %TITLE is expanded to a desired title.
+        Examples: SSVNC_XTERM_REPLACEMENT='gnome-terminal -e'
+                  SSVNC_XTERM_REPLACEMENT='gnome-terminal -t "%TITLE" -e'
+                  SSVNC_XTERM_REPLACEMENT='konsole -e'
 
-        font_default=tk-font-name     (sets the font for menus and buttons)
-        font_fixed=tk-font-name       (sets the font for help text)
+        More info: EXTRA_SLEEP: seconds of extra sleep in scripts; 
+        FINISH_SLEEP: final extra sleep at end; DEBUG_NETSTAT put up a
+        window showing what netstat reports; NO_DELETE: do not delete tmp
+        bat files on Windows (for debugging); BAT_SLEEP: sleep this many
+        seconds at the end of each Windows bat file (for debugging.) 
 
     16) On Unix you can make the "Open File" and "Save File" dialogs
         bigger by setting the env. var. SSVNC_BIGGER_DIALOG=1 or
@@ -1547,18 +1653,115 @@ proc help {} {
         vars to 1: SSVNC_STUNNEL_DEBUG, SSVNC_VENCRYPT_DEBUG, and
         SS_DEBUG (very verbose)
 
-    18) Fonts: To change the tk fonts, set these environment variables
-        before starting up ssvnc: SSVNC_FONT_DEFAULT and SSVNC_FONT_FIXED.
-        For example:
+    18) Dynamic VNC Server Port determination and redirection:  If you
+        are running SSVNC on Unix and are using SSH to start the remote
+        VNC server and the VNC server prints out the line "PORT=NNNN"
+        to indicate which dynamic port it is using (x11vnc does this),
+        then if you prefix the SSH command with "PORT=" SSVNC will watch
+        for the PORT=NNNN line and uses ssh's built in SOCKS proxy
+        (ssh -D ...) to connect to the dynamic VNC server port through
+        the SSH tunnel.  For example:
 
-            % env SSVNC_FONT_DEFAULT='helvetica -20 bold' ssvnc
-            % env SSVNC_FONT_FIXED='courier -14' ssvnc
+                VNC Host:Display     user@somehost.com
+                Remote SSH Command:  PORT= x11vnc -find -nopw
 
-        or set both of them at once.  You can also set 'font_default' and
-        'font_fixed' in your ~/.ssvncrc.  E.g.:
+        or "PORT= x11vnc -display :0 -localhost", etc.  Or use "P= ..."
 
-        font_default=helvetica -16 bold
-        font_fixed=courier -12
+        There is also code to detect the display of the regular Unix
+        vncserver(1).  It extracts the display (and hence port) from
+        the lines "New 'X' desktop is hostname:4" and also 
+        "VNC server is already running as :4".  So you can use
+        something like:
+
+                PORT= vncserver; sleep 15 
+        or:     PORT= vncserver :4; sleep 15 
+
+        the latter is preferred because when you reconnect with it will
+        find the already running one.  The former one will keep creating
+        new X sessions if called repeatedly.
+
+        On Windows if PORT= is supplied SOCKS proxying is not used, but
+        rather a high, random value of the VNC port is chosen (e.g. 8453)
+        and assumed to be free, and is passed to x11vnc's -rfbport option.
+        This only works with x11vnc (not vncserver).
+
+    19) On Unix if you are going to an older SSH server (e.g. Solaris 10),
+        you will probably need to set the env. var. SS_VNCVIEWER_NO_T=1
+        to disable the ssh "-t" option being used (that can prevent the
+        command from being run).
+
+    20) SSVNC is basically a wrapper for the stunnel and ssh programs,
+        and because those two programs have good IPv6 support SSVNC will
+        for most usage modes support it as well.  IPv6 is 128 bit internet
+        addresses (as opposed to IPv4 with its 32 bit xxx.yyy.zzz.nnn IPs.
+
+        So for basic SSL and SSH connections if you type in an IPv6 IP
+        address, e.g. '2001:4860:b009::68', or a hostname with only an
+        IPv6 lookup, e.g. ipv6.l.google.com, the connection will work
+        because stunnel and ssh handle these properly.
+
+        Note that you often need to supply a display number or port after
+        the address so put it, e.g. ':0' at the end: 2001:4860:b009::68:0
+        You can also use the standard notation [2001:4860:b009::68]:0
+        that is more clear.  You MUST specify the display if you use
+        the IPv6 address notation (but :0 is still the default for a
+        non-numeric hostname string.)
+
+        IPv4 addresses encoded in IPv6 notation also work, e.g.
+        ::ffff:192.168.1.100 should work for the most part.
+
+        SSVNC on Unix and MacOSX also has its own Proxy helper tool
+        (pproxy)  This script has been modified to handle IPv6 hostnames
+        and addresses as long as the IO::Socket::INET6 Perl module
+        is available.  On Windows the relay6.exe tool is used.
+
+        So for the most part IPv6 should work without you having to do
+        anything special.  However, for rare usage, the proxy helper tool
+        can also treat and IPv6 address as a special sort of 'proxy'.
+        So in the entry Proxy/Gateway you can include ipv6://host:port
+        and the IPv6 host will simply be connected to and the data
+        transferred.  In this usage mode, set the VNC Host:Display
+        to anything, e.g. 'localhost:0'; it is ignored if the ipv6://
+        endpoint is specified as a proxy.  Need for ipv6:// usage proxy
+        should be rare.
+
+        Note that for link local (not global) IPv6 addresses you may
+        need to include the network interface at the end of the address,
+        e.g. fe80::a00:20ff:fefd:53d4%eth0
+
+        Note that one can use a 3rd party VNC Viewer with SSVNC (see
+        Options -> Advanced -> Change VNC Viewer.)  IPv6 will work for
+        them as well even if they do not support IPv6.
+
+        IPv6 support on Unix, MacOSX, and Windows is essentially complete
+        for all types of connections (including proxied, unencrypted and
+        reverse connections.)  Let us know if you find a scenario that
+        does not work (see the known exception for putty/plink below.)
+
+        You can set ipv6=0 in your ssvncrc, then no special relaying for
+        IPv6 will be done (do this if there are problems or slowness in
+        trying to relay ipv6 and you know you will not connect to any
+        such hosts.)  Set ipv6=1 to force the special processing even if
+        IPv6 was not autodetected.  To change this dynamically, you also
+        enter IPV6=... in the VNC Host:Display entry box and press Enter.
+        Also on Unix or MacOSX you can set the env. var. SSVNC_IPV6=0
+        to disable the wrapper script from checking if hosts have ipv6
+        addresses (this is the same as setting ipv6=0 in ssvncrc or by
+        the setting ipv6 in the Entry box.)
+
+        On Windows plink.exe (SSH client) currently doesn't work for
+        IPv6 address strings (e.g. 2001:4860:b009::68) but it does work
+        for hostname strings that resolve to IPv6 addresses.
+
+        Note that one can make a home-brew SOCKS5 ipv4-to-ipv6 gateway
+        proxy using ssh like this:
+
+          ssh -D '*:1080' localhost "printf 'Press Enter to Exit: '; read x"
+  
+        then specify a proxy like socks5://hostname:1080 where hostname
+        is the machine running the above ssh command.  Add '-v' to the
+        ssh cmdline for verbose output.  See also the x11vnc inet6to4 tool
+        (a direct ipv4/6 relay, not socks.)
 }
 
 	global version
@@ -1845,7 +2048,7 @@ proc help_certs {} {
     The former corresponds to the "CAfile" STUNNEL parameter.
     The latter corresponds to the "CApath" STUNNEL parameter.
 
-    See stunnel(8) or www.stunnel.org for more information.
+    See stunnel(8) or stunnel.mirt.net for more information.
     
     If the remote VNC Server fails to authenticate itself with respect to the
     specified certificate(s), then the VNC Viewer (your side) will drop the
@@ -1936,7 +2139,7 @@ proc help_certs {} {
 
         http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext
         http://www.karlrunge.com/x11vnc/ssl.html
-        http://www.stunnel.org
+        http://stunnel.mirt.net
 
     A common way to create and use a VNC Server certificate is:
 
@@ -2055,7 +2258,7 @@ set msg {
     On MacOSX try to use the bundled X11 vncviewer instead of the
     Chicken of the VNC viewer; the Xquartz X server must be installed
     (it is by default on 10.5.x) and the DISPLAY variable must be set
-    (see Tip 12 of SSVNC Help to do this manually.)
+    (see Tip 15 of SSVNC Help to do this manually.)
 
 
  Advanced Options:
@@ -2325,6 +2528,7 @@ set msg {
   Reverse VNC Connection:
 
             Reverse (listening) VNC connections are possible as well.
+            Enable with this button "Reverse VNC Connection (-LISTEN)"
 
             In this case the VNC Server initiates the connection to your
             waiting (i.e. listening) SSVNC viewer.
@@ -2362,6 +2566,12 @@ set msg {
             The "listen.pem" will be reused in later SSL Listening
             connections unless you specify a different one with MyCert.
 
+            On Windows or using a 3rd party VNC Viewer multiple,
+            simultaneous reverse connections are always enabled.
+            On Unix/MacOSX with the provided ssvncviewer they are disabled
+            by default.  To enable them:
+            Options -> Advanced -> Unix ssvncviewer -> Multiple LISTEN Conns.
+
             For reverse connections in SSH or SSH + SSL modes it is a
             little trickier.  The SSH tunnel (with -R tunnel) must be
             established and remain up waiting for reverse connections.
@@ -2388,6 +2598,10 @@ set msg {
             viewers supplied in the SSVNC package will only listen on
             localhost so these precautions are not needed.
 
+            Specify a specific interface, e.g. 192.168.1.1:0 to have stunnel
+            only listen on that interface.  IPv6 works too, e.g. :::0 or ::1:0
+            Also works for UN-encrypted reverse connections as well ('None').
+
             Note that for SSL connections use of "Proxy/Gateway" does not
             make sense: the remote side cannot initiate its reverse connection
             via the Proxy.
@@ -2413,7 +2627,7 @@ set msg {
                            instead of the Chicken of the VNC viewer;
                            The Xquartz X server must be installed (it is by
                            default on 10.5.x) and the DISPLAY variable must
-                           be set (see Tip 12 of Help to do this manually.)
+                           be set (see Tip 15 of Help to do this manually.)
                            Put cotvnc=1 in ~/.ssvncrc to switch the default.
 
   Kill Stunnel Automatically:
@@ -2492,7 +2706,7 @@ set msg {
              a check item "None" on the main panel and also a "No
              Encryption" check item in the "Options" panel.  If you
              select this item, there will be NO encryption for the VNC
-             connection (use cautiously) See Tip 3) under Help for more
+             connection (use cautiously) See Tip 5) under Help for more
              information about disabling encryption.
 
 
@@ -3227,6 +3441,9 @@ proc do_viewer_windows {n} {
 			append cmd " /quality $use_quality"
 		}
 	}
+
+	set ipv6_pid2 ""
+	set extra  ""
 	if {$use_listen} {
 		if {$vncviewer_realvnc4} {
 			append cmd " listen=1"
@@ -3237,7 +3454,18 @@ proc do_viewer_windows {n} {
 		if {$nn < 100} {
 			set nn [expr "$nn + 5500"] 
 		}
+		global direct_connect_reverse_host_orig is_win9x
+		if {$direct_connect_reverse_host_orig != "" && !$is_win9x} {
+			set nn2 [expr $nn + 15]
+			set h0 $direct_connect_reverse_host_orig
+			global win_localhost
+			set extra "\n\n   relay6.exe $nn $win_localhost $nn2 /b:$h0"
+			set ipv6_pid2 [exec relay6.exe $nn $win_localhost $nn2 /b:$h0 &]
+			set nn $nn2
+		}
+
 		append cmd " $nn"
+
 		global did_listening_message
 		if {$did_listening_message < 3} {
 			incr did_listening_message
@@ -3268,7 +3496,7 @@ proc do_viewer_windows {n} {
 
    ONLY AFTER THAT will you return to the SSVNC GUI.
 
-   Click OK now to start the Listening VNC Viewer.
+   Click OK now to start the Listening VNC Viewer.$extra
 "
 			global use_ssh use_sshssl
 			if {$use_ssh || $use_sshssl} {
@@ -3322,6 +3550,11 @@ proc do_viewer_windows {n} {
 	mesg $cmd
 	set emess ""
 	set rc [catch {eval exec $cmd} emess]
+
+	if {$ipv6_pid2 != ""} {
+		winkill $ipv6_pid2
+	}
+
 	if {$rc != 0} {
 		raise .
 		tk_messageBox -type ok -icon error -message $emess -title "Error: $cmd"
@@ -3422,6 +3655,50 @@ proc guess_nat_ip {} {
 	return $ip
 }
 
+proc check_for_ipv6 {} {
+	global is_windows have_ipv6
+	if {$have_ipv6 != ""} {
+		return
+	}
+	if {! $is_windows} {
+		set out ""
+		catch {set out [exec netstat -an]}
+		if [regexp {tcp6} $out] {
+			set have_ipv6 1
+		} elseif [regexp {udp6} $out] {
+			set have_ipv6 1
+		} elseif [regexp {:::} $out] {
+			set have_ipv6 1
+		} elseif [regexp {::1} $out] {
+			set have_ipv6 1
+		} elseif [regexp {TCP: IPv6.*LISTEN} $out] {
+			set have_ipv6 1
+		} else {
+			set have_ipv6 0
+		}
+	} else {
+		set out [get_ipconfig]
+		set out [string trim $out]
+		if {$out == ""} {
+			catch {set out [exec ping6 -n 1 -w 2000 ::1]}
+			if [regexp {Reply from.*bytes} $out] {
+				if [regexp {Received = 1} $out] {
+					set have_ipv6 1
+					return
+				}
+			}
+			set have_ipv6 0
+			return
+		}
+		foreach line [split $out "\n\r"] {
+			if {[regexp -nocase {IP Address.*:[ \t]*[a-f0-9]*:[a-f0-9]*:} $line]} {
+				set have_ipv6 1
+				return
+			}
+		}
+		set have_ipv6 0
+	}
+}
 proc guess_ip {} {
 	global is_windows
 	if {! $is_windows} {
@@ -3458,6 +3735,31 @@ proc guess_ip {} {
 				}
 			}
 		}
+		foreach line [split $out "\n\r"] {
+			if {[regexp -nocase {IP Address.*:[ \t]*([:a-f0-9][%:a-f0-9]*)} $line mvar ip]} {
+				set ip [string trim $ip]
+				if [regexp {^[.0]*$} $ip] {
+					continue
+				}
+				if [regexp {127\.0\.0\.1} $ip] {
+					continue
+				}
+				if {$ip != ""} {
+					return $ip
+				}
+			}
+		}
+	}
+}
+
+proc bat_sleep {fh} {
+	global env
+	if [info exists env(SSVNC_BAT_SLEEP)] {
+		puts $fh "@echo ."
+		puts $fh "@echo -----"
+		puts $fh "@echo Debug: BAT SLEEP for $env(SSVNC_BAT_SLEEP) seconds ..."
+		puts $fh "@ping -n $env(SSVNC_BAT_SLEEP) -w 1000 0.0.0.1 > NUL"
+		puts $fh "@echo BAT SLEEP done."
 	}
 }
 
@@ -3470,14 +3772,23 @@ proc windows_start_sound_daemon {file} {
 	set fh2 [open $file2 "w"]
 
 	puts $fh2 $sound_daemon_local_cmd
+	bat_sleep $fh2
 	puts $fh2 "del $file2"
 	close $fh2
 
 	mesg "Starting SOUND daemon..."
 	if [info exists env(COMSPEC)] {
-		exec $env(COMSPEC) /c $file2 &
+		if [info exists env(SSVNC_BAT_SLEEP)] {
+			exec $env(COMSPEC) /c start $env(COMSPEC) /c $file2 &
+		} else {
+			exec $env(COMSPEC) /c $file2 &
+		}
 	} else {
-		exec cmd.exe /c $file2 &
+		if [info exists env(SSVNC_BAT_SLEEP)] {
+			exec cmd.exe /c start cmd.exe /c $file2 &
+		} else {
+			exec cmd.exe /c $file2 &
+		}
 	}
 	after 1500
 }
@@ -3564,10 +3875,11 @@ proc make_plink {} {
 }
 
 proc ssh_split {str} {
-	if {! [regexp {:} $str]} {
+	regsub { .*$} $str "" str
+	if {! [regexp {:[0-9][0-9]*$} $str]} {
 		append str ":22"
 	}
-	regsub {:.*$} $str "" ssh_host
+	regsub {:[0-9][0-9]*$} $str "" ssh_host
 	regsub {^.*:} $str "" ssh_port
 	if {$ssh_port == ""} {
 		set ssh_port 22
@@ -3624,10 +3936,12 @@ proc launch_windows_ssh {hp file n} {
 	set vnc_disp $hpnew
 	regsub {^.*:} $vnc_disp "" vnc_disp
 
+	regsub {\.bat} $file ".flg" flag
+
 	if {$ts_only} {
 		regsub {:0$} $hpnew "" hpnew 
 		if {$proxy == ""} {
-			if {[regexp {^([^:]*):([0-9][0-9]*)$} $hpnew mv sshhst sshpt]} {
+			if {[regexp {^(.*):([0-9][0-9]*)$} $hpnew mv sshhst sshpt]} {
 				set proxy "$sshhst:$sshpt"
 				set hpnew $win_localhost
 			}
@@ -3677,9 +3991,11 @@ proc launch_windows_ssh {hp file n} {
 		set vnc_port $vnc_disp
 	}
 
+	global ssh_ipv6_pid
+	set ssh_ipv6_pid ""
+
 	set ssh_port 22
-	set ssh_host $hpnew
-	regsub {:.*$} $ssh_host "" ssh_host
+	set ssh_host [host_part $hpnew]
 
 	set double_ssh ""
 	set p_port ""
@@ -3749,12 +4065,20 @@ proc launch_windows_ssh {hp file n} {
 				set port2 [rand_port]
 			}
 
+			global have_ipv6
+			if {$have_ipv6} {
+				set res [ipv6_proxy $pproxy "" ""]
+				set pproxy    [lindex $res 0]
+				set ssh_ipv6_pid [lindex $res 3]
+			}
+
 			set env(SSVNC_PROXY) $pproxy
 			set env(SSVNC_LISTEN) $port2
 			set env(SSVNC_DEST) "$sproxy1_host:$sproxy1_port"
 
 			mesg "Starting Proxy TCP helper on port $port2 ..."
 			after 300
+			# ssh br case:
 			set proxy_pid [exec "connect_br.exe" &]
 
 			catch { unset env(SSVNC_PROXY)  }
@@ -3779,6 +4103,8 @@ proc launch_windows_ssh {hp file n} {
 			if {$is_win9x} {
 				mesg "Double proxy does not work on Win9x"
 				bell
+				winkill $ssh_ipv6_pid
+				set ssh_ipv6_pid ""
 				return 0
 			}
 			# user1@gateway:port1,user2@workstation:port2
@@ -3806,6 +4132,13 @@ proc launch_windows_ssh {hp file n} {
 			set ssh_host2 [lindex $s 1]
 			set ssh_port2 [lindex $s 2]
 
+			if {! [regexp {^[0-9][0-9]*$} $ssh_port1]} {
+				set ssh_port1 22
+			}
+			if {! [regexp {^[0-9][0-9]*$} $ssh_port2]} {
+				set ssh_port2 22
+			}
+
 			set u1 ""
 			if {$ssh_user1 != ""} {
 				set u1 "${ssh_user1}@"
@@ -3823,16 +4156,14 @@ proc launch_windows_ssh {hp file n} {
 			set proxy_use $proxy
 		}
 
-		set ssh_host $proxy_use
-		regsub {:.*$} $ssh_host "" ssh_host
-		set ssh_port $proxy_use
-		regsub {^.*:} $ssh_port "" ssh_port
-		if {$ssh_port == ""} {
+		set ssh_host [host_part $proxy_use]
+
+		set ssh_port [port_part $proxy_use]
+		if {! [regexp {^[0-9][0-9]*$} $ssh_port]} {
 			set ssh_port 22
 		}
 
-		set vnc_host $hpnew
-		regsub {:.*$} $vnc_host "" vnc_host
+		set vnc_host [host_part $hpnew]
 		if {$vnc_host == ""} {
 			set vnc_host $win_localhost
 		}
@@ -3841,6 +4172,8 @@ proc launch_windows_ssh {hp file n} {
 	if {![regexp {^[^ 	][^ 	]*@} $ssh_host]} {
 		mesg "You must supply a username: user@host..."
 		bell
+		winkill $ssh_ipv6_pid
+		set ssh_ipv6_pid ""
 		return 0
 	}
 
@@ -3898,6 +4231,7 @@ proc launch_windows_ssh {hp file n} {
 			regsub {\.bat} $file "pre.cmd" file_pre_cmd
 			set fh [open $file_pre_cmd "w"]
 			puts $fh "$setup_cmds sleep 10; "
+			bat_sleep $fh
 			close $fh
 
 			# VF
@@ -3917,11 +4251,13 @@ proc launch_windows_ssh {hp file n} {
 			}
 			puts $fh $plink_str
 
-			if {$file_pre_cmd != ""} {
-				puts $fh "del $file_pre_cmd"
+			bat_sleep $fh
+			if {![info exists env(SSVNC_NO_DELETE)]} {
+				if {$file_pre_cmd != ""} {
+					puts $fh "del $file_pre_cmd"
+				}
+				puts $fh "del $file_pre"
 			}
-			puts $fh "del $file_pre"
-
 			close $fh
 		}
 	}
@@ -3995,6 +4331,7 @@ proc launch_windows_ssh {hp file n} {
 			append str " sleep $sleep; "
 		}
 		puts $fh_cmd $str
+		bat_sleep $fh_cmd
 		close $fh_cmd
 
 		set sshcmd $setup_cmds
@@ -4083,10 +4420,14 @@ proc launch_windows_ssh {hp file n} {
 		puts $fh "echo \" \""
 	}
 	puts $fh $plink_str
-	if {$file_cmd != ""} {
-		puts $fh "del $file_cmd"
+	bat_sleep $fh
+	puts $fh "del $flag"
+	if {![info exists env(SSVNC_NO_DELETE)]} {
+		if {$file_cmd != ""} {
+			puts $fh "del $file_cmd"
+		}
+		puts $fh "del $file"
 	}
-	puts $fh "del $file"
 	close $fh
 
 	catch {destroy .o}
@@ -4094,13 +4435,17 @@ proc launch_windows_ssh {hp file n} {
 	catch {destroy .os}
 
 	if { ![do_port_knock $ssh_host start]} {
-		catch {file delete $file}
-		if {$file_cmd != ""} {
-			catch {file delete $file_cmd}
-		}
-		if {$file_pre != ""} {
-			catch {file delete $file_pre}
+		if {![info exists env(SSVNC_NO_DELETE)]} {
+			catch {file delete $file}
+			if {$file_cmd != ""} {
+				catch {file delete $file_cmd}
+			}
+			if {$file_pre != ""} {
+				catch {file delete $file_pre}
+			}
 		}
+		winkill $ssh_ipv6_pid
+		set ssh_ipv6_pid ""
 		return 0
 	}
 
@@ -4111,7 +4456,11 @@ proc launch_windows_ssh {hp file n} {
 		regsub {\.bat} $file "dob.bat" file_double
 		set fhdouble [open $file_double "w"]
 		puts $fhdouble $plink_str_double_ssh
-		puts $fhdouble "del $file_double"
+		bat_sleep $fhdouble
+		puts $fhdouble "del $flag"
+		if {![info exists env(SSVNC_NO_DELETE)]} {
+			puts $fhdouble "del $file_double"
+		}
 		close $fhdouble
 
 		set com "cmd.exe"
@@ -4119,7 +4468,16 @@ proc launch_windows_ssh {hp file n} {
 			set com $env(COMSPEC)
 		}
 
-		exec $com /c $file_double &
+		set ff [open $flag "w"]
+		puts $ff "flag"
+		close $ff
+
+		global env
+		if [info exists env(SSVNC_BAT_SLEEP)] {
+			exec $com /c start $com /c $file_double &
+		} else {
+			exec $com /c $file_double &
+		}
 
 		set waited 0
 		set gotit 0
@@ -4139,7 +4497,11 @@ proc launch_windows_ssh {hp file n} {
 				break
 			}
 			set waited [expr "$waited + 500"]
+			if {![file exists $flag]} {
+				break
+			}
 		}
+		catch {file delete $flag}	
 		if {! $gotit} {
 			after 5000
 		}
@@ -4155,6 +4517,10 @@ proc launch_windows_ssh {hp file n} {
 		}
 	}
 
+	set ff [open $flag "w"]
+	puts $ff "flag"
+	close $ff
+
 	if {$is_win9x} {
 		if {$wdraw} {
 			wm withdraw .
@@ -4198,7 +4564,12 @@ proc launch_windows_ssh {hp file n} {
 			mesg "Click on *This* Label when done with 1st SSH 0/$sl"
 			after 600
 
-			exec $com /c $file_pre &
+			global env
+			if [info exists env(SSVNC_BAT_SLEEP)] {
+				exec $com /c start $com /c $file_pre &
+			} else {
+				exec $com /c $file_pre &
+			}
 
 			catch {lower .; update; raise .; update}
 
@@ -4227,11 +4598,17 @@ proc launch_windows_ssh {hp file n} {
 		if {$wdraw} {
 			wm withdraw .
 		}
+
 		update
 		if {$do_shell && [regexp {FINISH} $port_knocking_list]} {
 			catch {exec $com /c $file}
 		} else {
-			exec $com /c $file &
+			global env
+			if [info exists env(SSVNC_BAT_SLEEP)] {
+				exec $com /c start $com /c $file &
+			} else {
+				exec $com /c $file &
+			}
 		}
 		after 1000
 	}
@@ -4244,8 +4621,10 @@ proc launch_windows_ssh {hp file n} {
 		}
 		return 1
 	}
+	set made_plink 0
 	if {$is_win9x} {
 		make_plink
+		set made_plink 1
 	}
 	global plink_status
 	set plink_status ""
@@ -4279,8 +4658,17 @@ proc launch_windows_ssh {hp file n} {
 		if {$cnt >= 12} {
 			set cnt 0
 		}
+		if {![file exists $flag]} {
+			set plink_status flag_gone
+			break
+		}
 	}
+	catch {file delete $flag}	
 	if {$plink_status == ""} {
+		if {! $made_plink} {
+			make_plink
+			set made_plink 1
+		}
 		vwait plink_status
 	}
 
@@ -4300,6 +4688,13 @@ proc launch_windows_ssh {hp file n} {
 	}
 
 	if {$plink_status != "yes"} {
+		set m "unknown"
+		if {$plink_status == "flag_gone"} {
+			set m "plink script failed"
+		} elseif {$plink_status == ""} {
+			set m "timeout"
+		}
+		mesg "Error ($m) to $hp"
 		wm deiconify .
 	} else {
 		after 1000
@@ -4312,19 +4707,24 @@ proc launch_windows_ssh {hp file n} {
 		do_port_knock $ssh_host finish
 	}
 
-	if {$file != ""} {
-		catch {file delete $file}	
-	}
-	if {$file_pre != ""} {
-		catch {file delete $file_pre}	
-	}
-	if {$file_pre_cmd != ""} {
-		catch {file delete $file_pre_cmd}	
-	}
-	if {$file_double != ""} {
-		catch {file delete $file_double}	
+	if {![info exists env(SSVNC_NO_DELETE)]} {
+		if {$file != ""} {
+			catch {file delete $file}	
+		}
+		if {$file_pre != ""} {
+			catch {file delete $file_pre}	
+		}
+		if {$file_pre_cmd != ""} {
+			catch {file delete $file_pre_cmd}	
+		}
+		if {$file_double != ""} {
+			catch {file delete $file_double}	
+		}
 	}
 
+	winkill $ssh_ipv6_pid
+	set ssh_ipv6_pid ""
+
 	global sound_daemon_local_kill
 	if {! $is_win9x && $use_sound && $sound_daemon_local_kill && $sound_daemon_local_cmd != ""} {
 		windows_stop_sound_daemon
@@ -4684,7 +5084,7 @@ proc do_unix_pre {tag proxy hp pk_hp}  {
 
 	if {$proxy == ""} {
 		set pxy $hp
-		regsub {:.*$} $pxy "" pxy
+		regsub {:[0-9][0-9]*$} $pxy "" pxy
 		set c "$c -proxy '$pxy'"
 	} else {
 		set c "$c -proxy '$proxy'"
@@ -5031,7 +5431,7 @@ proc fetch_cert {save} {
 		if [regexp {CONNECTED} $cert_text] {
 			if {[regexp -nocase -line {cipher.*ADH} $cert_text]} {
 				# it is Anonymous Diffie Hellman
-				mesg "WARNING: Anonymous Diffie Hellman Server detected (no Cert)"
+				mesg "WARNING: Anonymous Diffie Hellman Server detected (NO CERT)"
 				after 300
 				.f4.getcert configure -state normal
 				return $cert_text
@@ -5044,7 +5444,7 @@ proc fetch_cert {save} {
 
 	global vencrypt_detected server_vencrypt
 	if {$vencrypt_detected != "" && !$server_vencrypt} {
-		mesg "VeNCrypt/ANONTLS server detected."
+		mesg "VeNCrypt or ANONTLS server detected."
 		after 600
 	}
 
@@ -5247,15 +5647,35 @@ proc fetch_dialog {cert_text hp hpnew ok n} {
 	jiggle_text .fetch.f.t
 }
 
+
+proc host_part {hp} {
+	regsub {^ *}  $hp "" hp
+	regsub { .*$} $hp "" hp
+	if [regexp {^[0-9][0-9]*$} $hp] {
+		return ""
+	}
+	set h $hp
+	regsub {:[0-9][0-9]*$} $hp "" h
+	return $h
+}
+
+proc port_part {hp} {
+	regsub { .*$} $hp "" hp
+	set p ""
+	if [regexp {:([0-9][0-9]*)$} $hp m val] {
+		set p $val
+	}
+	return $p
+}
+
 proc get_vencrypt_proxy {hpnew} {
 	if [regexp -nocase {^vnc://} $hpnew] {
 		return ""
 	}
 	set hpnew  [get_ssh_hp $hpnew]
-	regsub -nocase {^[A-z+]*://} $hpnew "" hpnew
-	set list [split $hpnew ":"] 
-	set h [lindex $list 0]
-	set p [lindex $list 1]
+	regsub -nocase {^[a-z0-9+]*://} $hpnew "" hpnew
+	set h [host_part $hpnew]
+	set p [port_part $hpnew]
 
 	if {$p == ""} {
 		# might not matter, i.e. SSH+SSL only...
@@ -5306,13 +5726,130 @@ proc fetch_cert_unix {hp {vencrypt 0} {anondh 0}} {
 		lappend cmd "2>/dev/null"
 	}
 	global env
-if [info exists env(CERTDBG)] {puts "\nFetch-cmd: $cmd"}
+	if [info exists env(CERTDBG)] {puts "\nFetch-cmd: $cmd"}
 	set env(SSVNC_SHOWCERT_EXIT_0) 1
 
 	return [eval exec $cmd]
 }
 
+proc win_nslookup {host} {
+	global win_nslookup_cache
+	if [info exists win_nslookup_cache($host)] {
+		return $win_nslookup_cache($host)
+	}
+	if [regexp -nocase {[^a-z0-9:._-]} $host]  {
+		set win_nslookup_cache($host) "invalid"
+		return $win_nslookup_cache($host)
+	}
+	if [regexp {^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$} $host] {
+		set win_nslookup_cache($host) $host
+		return $win_nslookup_cache($host)
+	}
+	if [regexp -nocase {^[a-f0-9]*:[a-f0-9:]*:[a-f0-9:]*$} $host] {
+		set win_nslookup_cache($host) $host
+		return $win_nslookup_cache($host)
+	}
+	set nsout ""
+	catch {set nsout [exec nslookup $host]}
+	if {$nsout == "" || [regexp -nocase {server failed} $nsout]} {
+		after 250
+		set nsout ""
+		catch {set nsout [exec nslookup $host]}
+	}
+	if {$nsout == "" || [regexp -nocase {server failed} $nsout]} {
+		set win_nslookup_cache($host) "unknown"
+		return $win_nslookup_cache($host)
+	}
+	regsub -all {Server:[^\n]*\nAddress:[^\n]*} $nsout "" nsout
+	regsub {^.*Name:} $nsout "" nsout
+	if [regexp {Address:[ \t]*([^\n]+)} $nsout mv addr] {
+		set addr [string trim $addr]
+		if {$addr != ""} {
+			set win_nslookup_cache($host) $addr
+			return $win_nslookup_cache($host)
+		}
+	}
+	set win_nslookup_cache($host) "unknown"
+	return $win_nslookup_cache($host)
+}
+
+proc win_ipv4 {host} {
+	global win_localhost
+	set ip [win_nslookup $host];
+	if [regexp {^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$} $ip] {
+		return 1
+	}
+	return 0
+}
+
+proc ipv6_proxy {proxy host port} {
+	global is_windows win_localhost have_ipv6
+
+	if {!$have_ipv6} {
+		return [list $proxy $host $port ""]
+	} elseif {!$is_windows} {
+		return [list $proxy $host $port ""]
+	} else {
+		set h0 ""
+		set p0 ""
+		set port3 ""
+		set ipv6_pid ""
+		set proxy0 $proxy
+		if {$proxy == ""} {
+			if [win_ipv4 $host] {
+				return [list $proxy $host $port ""]
+			}
+			set port3 [rand_port] 
+			set h0 $host
+			set p0 $port
+			set host $win_localhost
+			set port $port3
+		} else {
+			set parts [split $proxy ","] 
+			set n [llength $parts]
+			for {set i 0} {$i < $n} {incr i} {
+				set part [lindex $parts $i]
+				set prefix ""
+				regexp -nocase {^[a-z0-9+]*://} $part prefix
+				regsub -nocase {^[a-z0-9+]*://}	$part "" part
+				set modit 0
+				set h1 ""
+				set p1 ""
+				if [regexp {^(.*):([0-9][0-9]*)$} $part mvar h1 p1] {
+					if {$h1 == "localhost" || $h1 == $win_localhost} {
+						continue
+					} elseif [win_ipv4 $h1] {
+						break
+					}
+					set modit 1
+				} else {
+					break
+				}
+				if {$modit} {
+					set port3 [rand_port] 
+					set h0 $h1
+					set p0 $p1
+					lset parts $i "$prefix$win_localhost:$port3"
+					break
+				}
+			}
+			if {$h0 != "" && $p0 != "" && $port3 != ""} {
+				set proxy [join $parts ","]
+				#mesg "Reset proxy: $proxy"; after 3000
+			}
+		}
+		if {$h0 != "" && $p0 != "" && $port3 != ""} {
+			mesg "Starting IPV6 helper on port $port3 ..."
+			set ipv6_pid [exec relay6.exe $port3 "$h0" "$p0" /b:$win_localhost &]
+			after 400
+			#mesg "r6 $port3 $h0 $p0"; after 3000
+		}
+		return [list $proxy $host $port $ipv6_pid]
+	}
+}
+
 proc fetch_cert_windows {hp {vencrypt 0} {anondh 0}} {
+	global have_ipv6
 
 	regsub {^vnc.*://} $hp "" hp
 
@@ -5329,11 +5866,10 @@ proc fetch_cert_windows {hp {vencrypt 0} {anondh 0}} {
 		}
 	}
 
-	set list [split $hpnew ":"] 
+	set host [host_part $hpnew]
 
 	global win_localhost
 
-	set host [lindex $list 0]
 	if {$host == ""} {
 		set host $win_localhost
 	}
@@ -5343,9 +5879,7 @@ proc fetch_cert_windows {hp {vencrypt 0} {anondh 0}} {
 		regsub {^.*@} $host "" host
 	}
 
-	set disp [lindex $list 1]
-	set disp [string trim $disp]
-	regsub { .*$} $disp "" disp
+	set disp [port_part $hpnew]
 
 	if {[regexp {^-[0-9][0-9]*$} $disp]} {
 		;
@@ -5360,6 +5894,15 @@ proc fetch_cert_windows {hp {vencrypt 0} {anondh 0}} {
 		set port $disp
 	}
 
+	set ipv6_pid ""
+	if {$have_ipv6} {
+		set res [ipv6_proxy $proxy $host $port]
+		set proxy    [lindex $res 0]
+		set host     [lindex $res 1]
+		set port     [lindex $res 2]
+		set ipv6_pid [lindex $res 3]
+	}
+
 	if {$proxy != ""} {
 		global env
 
@@ -5384,8 +5927,10 @@ proc fetch_cert_windows {hp {vencrypt 0} {anondh 0}} {
 
 		set host $win_localhost
 		set port $port2
+
 		mesg "Starting Proxy TCP helper on port $port2 ..."
-		after 500
+		after 300
+		# fetch cert br case:
 		set proxy_pid [exec "connect_br.exe" &]
 
 		if {$sp == ""} {
@@ -5451,6 +5996,10 @@ proc fetch_cert_windows {hp {vencrypt 0} {anondh 0}} {
 			foreach pid $pids {
 				winkill $pid
 			}
+			if {$ipv6_pid != ""} {
+				winkill $ipv6_pid
+			}
+
 			catch {close $ph}
 			catch {file delete $tin $tou}
 			return $text
@@ -5511,6 +6060,9 @@ proc fetch_cert_windows {hp {vencrypt 0} {anondh 0}} {
 		close $ph
 	}
 	catch {file delete $tin $tou}
+	if {$ipv6_pid != ""} {
+		winkill $ipv6_pid
+	}
 	return $text
 }
 
@@ -6551,6 +7103,24 @@ proc launch_unix {hp} {
 		set env(SSVNC_MULTIPLE_LISTEN) "1"
 	}
 
+	if {$use_ssh} {
+		;
+	} elseif {$use_sshssl} {
+		;
+	} elseif {$use_ssl} {
+		set prox  [get_ssh_proxy $hp]
+		if {$prox != "" && [regexp {@} $prox]} {
+			mesg "Error: proxy contains '@'  Did you mean to use SSH mode?"
+			bell
+			return
+		}
+		if [regexp {@} $hp] {
+			mesg "Error: host contains '@'  Did you mean to use SSH mode?"
+			bell
+			return
+		}
+	}
+
 	if {$use_ssh || $use_sshssl} {
 		if {$ssh_local_protection} {
 			if {![info exists env(LIM_ACCEPT)]} {
@@ -6600,6 +7170,7 @@ proc launch_unix {hp} {
 		if {$ts_only} {
 			regsub {:0$} $hpnew "" hpnew 
 			if {$proxy == ""} {
+				# XXX host_part
 				if {[regexp {^([^:]*):([0-9][0-9]*)$} $hpnew mv sshhst sshpt]} {
 					set proxy "$sshhst:$sshpt"
 					set hpnew "localhost"
@@ -6729,7 +7300,8 @@ proc launch_unix {hp} {
 			set env(SS_VNCVIEWER_SSH_ONLY) 1
 			if {$proxy == ""} {
 				set hpt $hpnew
-				regsub {:[0-9]*$} $hpt "" hpt
+				# XXX host_part
+				regsub {:[0-9][0-9]*$} $hpt "" hpt
 				set cmd "$cmd -proxy '$hpt'"
 			}
 			set geometry [xterm_center_geometry]
@@ -7177,7 +7749,9 @@ proc launch_unix {hp} {
 
 	init_unixpw $hp
 
-	vencrypt_tutorial_mesg
+	if {! $do_direct} {
+		vencrypt_tutorial_mesg
+	}
 
 	wm withdraw .
 	update
@@ -7347,6 +7921,11 @@ proc note_stunnel_pids {when} {
 
 proc del_launch_windows_ssh_files {} {
 	global launch_windows_ssh_files
+	global env
+
+	if {[info exists env(SSVNC_NO_DELETE)]} {
+		return
+	}
 	
 	if {$launch_windows_ssh_files != ""} {
 		foreach tf [split $launch_windows_ssh_files] {
@@ -7526,7 +8105,7 @@ proc launch {{hp ""}} {
 		regsub {^.*HOME=} $t "" t
 		set t [string trim $t]
 		set env(SSVNC_HOME) $t
-		mesg "set SSVNC_HOME to $t"
+		mesg "Set SSVNC_HOME to $t"
 		set vncdisplay ""
 		return 0
 	}
@@ -7535,7 +8114,7 @@ proc launch {{hp ""}} {
 		regsub {^.*DISPLAY=} $t "" t
 		set t [string trim $t]
 		set env(DISPLAY) $t
-		mesg "set DISPLAY to $t"
+		mesg "Set DISPLAY to $t"
 		set vncdisplay ""
 		global uname darwin_cotvnc
 		if {$uname == "Darwin"} {
@@ -7553,7 +8132,7 @@ proc launch {{hp ""}} {
 		set t [string trim $t]
 		set env(DYLD_LIBRARY_PATH) $t
 		set env(SSVNC_DYLD_LIBRARY_PATH) $t
-		mesg "set DYLD_LIBRARY_PATH to $t"
+		mesg "Set DYLD_LIBRARY_PATH to $t"
 		set vncdisplay ""
 		return 0
 	}
@@ -7562,7 +8141,7 @@ proc launch {{hp ""}} {
 		regsub {^.*SLEEP=} $t "" t
 		set t [string trim $t]
 		set env(SSVNC_EXTRA_SLEEP) $t
-		mesg "set SSVNC_EXTRA_SLEEP to $t"
+		mesg "Set SSVNC_EXTRA_SLEEP to $t"
 		set vncdisplay ""
 		return 0
 	}
@@ -7571,7 +8150,7 @@ proc launch {{hp ""}} {
 		regsub {^.*SSH=} $t "" t
 		set t [string trim $t]
 		set env(SSH) $t
-		mesg "set SSH to $t"
+		mesg "Set SSH to $t"
 		set vncdisplay ""
 		return 0
 	}
@@ -7580,7 +8159,25 @@ proc launch {{hp ""}} {
 		regsub {^.*=} $t "" t
 		set t [string trim $t]
 		set env(SSVNC_FINISH_SLEEP) $t
-		mesg "set SSVNC_FINISH_SLEEP to $t"
+		mesg "Set SSVNC_FINISH_SLEEP to $t"
+		set vncdisplay ""
+		return 0
+	}
+	if {[regexp {^NO_DELETE=} $hpt] || [regexp {^SSVNC_NO_DELETE=} $hpt]} {
+		set t $hpt
+		regsub {^.*=} $t "" t
+		set t [string trim $t]
+		set env(SSVNC_NO_DELETE) $t
+		mesg "Set SSVNC_NO_DELETE to $t"
+		set vncdisplay ""
+		return 0
+	}
+	if {[regexp {^BAT_SLEEP=} $hpt] || [regexp {^SSVNC_BAT_SLEEP=} $hpt]} {
+		set t $hpt
+		regsub {^.*=} $t "" t
+		set t [string trim $t]
+		set env(SSVNC_BAT_SLEEP) $t
+		mesg "Set SSVNC_BAT_SLEEP to $t"
 		set vncdisplay ""
 		return 0
 	}
@@ -7589,7 +8186,7 @@ proc launch {{hp ""}} {
 		regsub {^.*DEBUG_NETSTAT=} $t "" t
 		global debug_netstat
 		set debug_netstat $t
-		mesg "set DEBUG_NETSTAT to $t"
+		mesg "Set DEBUG_NETSTAT to $t"
 		set vncdisplay ""
 		return 0
 	}
@@ -7597,7 +8194,7 @@ proc launch {{hp ""}} {
 		set t $hpt
 		regsub {^.*REPEATER_FORCE=} $t "" t
 		set env(REPEATER_FORCE) $t
-		mesg "set REPEATER_FORCE to $t"
+		mesg "Set REPEATER_FORCE to $t"
 		set vncdisplay ""
 		return 0
 	}
@@ -7619,6 +8216,14 @@ proc launch {{hp ""}} {
 
 		return 0
 	}
+	if {[regexp -nocase {^IPV6=([01])} $hpt mv val]} {
+		global env have_ipv6
+		set have_ipv6 $val
+		set env(SSVNC_IPV6) $val
+		mesg "Set have_ipv6 to $val"
+		set vncdisplay ""
+		return 0
+	}
 
 
 	regsub {[ 	]*cmd=.*$} $hp "" tt
@@ -7637,6 +8242,7 @@ proc launch {{hp ""}} {
 		mac_raise
 		return
 	}
+	# XXX host_part
 	if {! [regexp ":" $hp]} {
 		if {! [regexp {cmd=} $hp]} {
 			set s [string trim $hp]
@@ -7649,7 +8255,7 @@ proc launch {{hp ""}} {
 	}
 
 	if {!$use_ssl && !$use_ssh && !$use_sshssl && $sshssl_sw == "none"} {
-		regsub -nocase {^[A-z+]*://}	$hp "" hp
+		regsub -nocase {^[a-z0-9+]*://}	$hp "" hp
 		set hp "Vnc://$hp"
 	}
 
@@ -7840,11 +8446,33 @@ proc launch {{hp ""}} {
 	global listening_name
 	set listening_name ""
 
+	if {$use_ssh} {
+		;
+	} elseif {$use_sshssl} {
+		;
+	} elseif {$use_ssl} {
+		if {$proxy != "" && [regexp {@} $proxy]} {
+			mesg "Error: proxy contains '@'  Did you mean to use SSH mode?"
+			bell
+			return
+		}
+		if [regexp {@} $hp] {
+			mesg "Error: host contains '@'  Did you mean to use SSH mode?"
+			bell
+			return
+		}
+	}
+
+	global ssh_ipv6_pid
+	set ssh_ipv6_pid ""
+
 	if {$use_sshssl} {
 		set rc [launch_windows_ssh $hp $file2 $n2]
 		if {$rc == 0} {
-			catch {file delete $file1}
-			catch {file delete $file2}
+			if {![info exists env(SSVNC_NO_DELETE)]} {
+				catch {file delete $file1}
+				catch {file delete $file2}
+			}
 			del_launch_windows_ssh_files
 			return
 		}
@@ -7855,11 +8483,11 @@ proc launch {{hp ""}} {
 		return
 	}
 
-	set list [split $hp ":"] 
+	set host [host_part $hp];
+	set host_orig $host
 
 	global win_localhost
 
-	set host [lindex $list 0]
 	if {$host == ""} {
 		set host $win_localhost
 	}
@@ -7871,9 +8499,7 @@ proc launch {{hp ""}} {
 		regsub {^.*@} $host "" host
 	}
 
-	set disp [lindex $list 1]
-	set disp [string trim $disp]
-	regsub { .*$} $disp "" disp
+	set disp [port_part $hp]
 	if {[regexp {^-[0-9][0-9]*$} $disp]} {
 		;
 	} elseif {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
@@ -7998,6 +8624,16 @@ proc launch {{hp ""}} {
 		set proxy [maybe_add_vencrypt $proxy $hp]
 	}
 
+	set ipv6_pid ""
+	global have_ipv6
+	if {$have_ipv6} {
+		set res [ipv6_proxy $proxy $host $port]
+		set proxy    [lindex $res 0]
+		set host     [lindex $res 1]
+		set port     [lindex $res 2]
+		set ipv6_pid [lindex $res 3]
+	}
+
 	if {$proxy != ""} {
 		if {$use_sshssl} {
 			;
@@ -8063,6 +8699,9 @@ proc launch {{hp ""}} {
 			}
 			set listening_name "$hn:$port  (or nn.nn.nn.nn:$port, etc.)"
 		}
+		if {$host_orig != "" && $hloc == ""} {
+			set hloc "$host_orig:"
+		}
 		puts $fh "accept = $hloc$port"
 		puts $fh "connect = $win_localhost:$port2"
 	}
@@ -8079,7 +8718,17 @@ proc launch {{hp ""}} {
 	}
 
 	if {$fail} {
-		catch {file delete $file1}
+		if {![info exists env(SSVNC_NO_DELETE)]} {
+			catch {file delete $file1}
+		}
+		catch { unset env(SSVNC_PROXY) }
+		catch { unset env(SSVNC_LISTEN) }
+		catch { unset env(SSVNC_REVERSE) }
+		catch { unset env(SSVNC_DEST) }
+		catch { unset env(SSVNC_PREDIGESTED_HANDSHAKE) }
+		winkill $ipv6_pid
+		winkill $ssh_ipv6_pid
+		set ssh_ipv6_pid ""
 		return
 	}
 
@@ -8087,19 +8736,23 @@ proc launch {{hp ""}} {
 
 	set proxy_pid ""
 	set proxy_pid2 ""
+
 	if {$proxy != ""} {
 		if [regexp {vencrypt:} $proxy] {
 			set vport [expr "$n1 + 5900"]
 			mesg "Starting VeNCrypt helper on port $vport,$port3 ..."
 			after 500
-			catch {file delete "$file1.pre"}
+			if {![info exists env(SSVNC_NO_DELETE)]} {
+				catch {file delete "$file1.pre"}
+			}
 			set env(SSVNC_PREDIGESTED_HANDSHAKE) "$file1.pre"
 			set env(SSVNC_VENCRYPT_VIEWER_BRIDGE) "$vport,$port3"
 			set proxy_pid2 [exec "connect_br.exe" &]
 			catch { unset env(SSVNC_VENCRYPT_VIEWER_BRIDGE) }
 		}
-		mesg "Starting VeNCrypt TCP helper on port $port ..."
-		after 500
+		mesg "Starting TCP helper on port $port ..."
+		after 400
+		# ssl br case:
 		set proxy_pid [exec "connect_br.exe" &]
 		catch { unset env(SSVNC_PROXY) }
 		catch { unset env(SSVNC_LISTEN) }
@@ -8136,7 +8789,9 @@ proc launch {{hp ""}} {
 
 	del_launch_windows_ssh_files
 
-	catch {file delete $file1}
+	if {![info exists env(SSVNC_NO_DELETE)]} {
+		catch {file delete $file1}
+	}
 
 	if {$debug} {
 		;
@@ -8169,6 +8824,9 @@ proc launch {{hp ""}} {
 		win_nokill_msg
 	}
 	mesg "Disconnected from $hp."
+	winkill $ipv6_pid
+	winkill $ssh_ipv6_pid
+	set ssh_ipv6_pid ""
 
 	global is_win9x use_sound sound_daemon_local_kill sound_daemon_local_cmd
 	if {! $is_win9x && $use_sound && $sound_daemon_local_kill && $sound_daemon_local_cmd != ""} {
@@ -8187,11 +8845,11 @@ proc direct_connect_windows {{hp ""}} {
 	global listening_name
 	set listening_name ""
 
-	set list [split $hp ":"] 
+	set host [host_part $hp]
 
-	global win_localhost
+	set host_orig $host
 
-	set host [lindex $list 0]
+	global win_localhost
 	if {$host == ""} {
 		set host $win_localhost
 	}
@@ -8203,9 +8861,7 @@ proc direct_connect_windows {{hp ""}} {
 		regsub {^.*@} $host "" host
 	}
 
-	set disp [lindex $list 1]
-	set disp [string trim $disp]
-	regsub { .*$} $disp "" disp
+	set disp [port_part $hp]
 	if {[regexp {^-[0-9][0-9]*$} $disp]} {
 		;
 	} elseif {$disp == "" || ! [regexp {^[0-9][0-9]*$} $disp]} {
@@ -8224,6 +8880,16 @@ proc direct_connect_windows {{hp ""}} {
 		set port $disp
 	}
 
+	global have_ipv6
+	set ipv6_pid ""
+	if {$have_ipv6 && !$use_listen} {
+		set res [ipv6_proxy $proxy $host $port]
+		set proxy    [lindex $res 0]
+		set host     [lindex $res 1]
+		set port     [lindex $res 2]
+		set ipv6_pid [lindex $res 3]
+	}
+
 	if {$proxy != ""} {
 		if [regexp {@} $proxy] {
 			bell
@@ -8250,13 +8916,18 @@ proc direct_connect_windows {{hp ""}} {
 	}
 
 	if {$fail} {
+		catch { unset env(SSVNC_PROXY) }
+		catch { unset env(SSVNC_LISTEN) }
+		catch { unset env(SSVNC_DEST) }
+		winkill $ipv6_pid
 		return
 	}
 
 	set proxy_pid ""
 	if {$proxy != ""} {
 		mesg "Starting Proxy TCP helper on port $port ..."
-		after 500
+		after 400
+		# unencrypted br case:
 		set proxy_pid [exec "connect_br.exe" &]
 		catch { unset env(SSVNC_PROXY) }
 		catch { unset env(SSVNC_LISTEN) }
@@ -8275,9 +8946,14 @@ proc direct_connect_windows {{hp ""}} {
 		if {$n >= 5500} {
 			set n [expr $n - 5500]
 		}
+		global direct_connect_reverse_host_orig
+		set direct_connect_reverse_host_orig $host_orig
+
 		do_viewer_windows "$n"
+
+		set direct_connect_reverse_host_orig ""
 	} else {
-		if {$port >= 5900} {
+		if {$port >= 5900 && $port < 6100} {
 			set port [expr $port - 5900]
 		}
 		do_viewer_windows "$host:$port"
@@ -8287,6 +8963,8 @@ proc direct_connect_windows {{hp ""}} {
 
 	mesg "Disconnected from $hp."
 
+	winkill $ipv6_pid
+
 	global port_knocking_list
 	if [regexp {FINISH} $port_knocking_list] {
 		do_port_knock $host finish
@@ -10363,7 +11041,8 @@ proc save_profile {{parent "."}} {
 	}
 	set h [string trim $vncdisp]
 	set p $h
-	regsub {:.*$} $h "" h
+	# XXX host_part
+	regsub {:[0-9][0-9]*$} $h "" h
 	set host $h
 	regsub {[ 	].*$} $p "" p
 	regsub {^.*:} $p "" p
@@ -10394,7 +11073,7 @@ proc save_profile {{parent "."}} {
 		set proxyport ""
 	} else {
 		set p $h
-		regsub {:.*$} $h "" h
+		regsub {:[0-9][0-9]*$} $h "" h
 		set proxy $h
 		regsub {[ 	].*$} $p "" p
 		regsub {^.*:} $p "" p
@@ -10499,13 +11178,18 @@ proc rand_port {} {
 	global rand_port_list
 
 	set p ""
-	for {set i 0} {$i < 20} {incr i} {
+	for {set i 0} {$i < 30} {incr i} {
 		set p [expr 25000 + 35000 * rand()]	
 		set p [expr round($p)]
 		if {![info exists rand_port_list($p)]} {
 			break
 		}
 	}
+	if {$p == ""} {
+		unset rand_port_list
+		set p [expr 25000 + 35000 * rand()]	
+		set p [expr round($p)]
+	}
 	set rand_port_list($p) 1
 	return $p
 }
@@ -10635,7 +11319,7 @@ proc get_smb_redir {} {
 		set lhost ""
 		set lport ""
 		if {$hostport != ""} {
-			if [regexp {(.*):(.*)} $hostport mvar lhost lport] {
+			if [regexp {(.*):([0-9][0-9]*)} $hostport mvar lhost lport] {
 				;
 			} else {
 				set lhost $hostport
@@ -10643,7 +11327,7 @@ proc get_smb_redir {} {
 			}
 		} else {
 			if [regexp {//([^/][^/]*)/} $share mvar h] {
-				if [regexp {(.*):(.*)} $h mvar lhost lport] {
+				if [regexp {(.*):([0-9][0-9]*)} $h mvar lhost lport] {
 					;
 				} else {
 					set lhost $h
@@ -13704,6 +14388,8 @@ proc help_ssvncviewer_opts {} {
          VNCVIEWERCMD             (unix viewer command, default vncviewer)
          VNCVIEWERCMD_OVERRIDE    (force override of VNCVIEWERCMD)
          VNCVIEWERCMD_EXTRA_OPTS  (extra options to pass to VNCVIEWERCMD)
+         VNCVIEWER_LISTEN_LOCALHOST (force ssvncviewer to -listen on localhost)
+         VNCVIEWER_NO_SEC_TYPE_TIGHT(force ssvncviewer to skip rfbSecTypeTight)
 
          SSVNC_MULTIPLE_LISTEN    (-multilisten, see Multiple LISTEN above)
          SSVNC_ACCEPT_POPUP       (-acceptpopup, see Accept Popup Dialog)
@@ -13731,6 +14417,7 @@ proc help_ssvncviewer_opts {} {
          SSVNC_NO_MAYBE_SYNC
          SSVNC_MAX_LISTEN         (number of time to listen for reverse conn.)
          SSVNC_LISTEN_ONCE        (listen for reverse conn. only once)
+         STUNNEL_LISTEN           (stunnel interface for reverse conn.
          SSVNC_EXIT_DEBUG
          SSVNC_DEBUG_CHAT
          SSVNC_NO_MESSAGE_POPUP
@@ -13749,6 +14436,7 @@ proc help_ssvncviewer_opts {} {
          SSVNC_TEST_SEC_TYPE
          SSVNC_LIM_ACCEPT_PRELOAD
          SSVNC_SOCKS5
+         SSVNC_IPV6               (0 to disable ss_vncviewer ipv6 check)
 }
 
 	.av.f.t insert end $msg
@@ -14414,7 +15102,7 @@ proc multilisten_dialog {} {
 	wm title .multil "Multiple LISTEN Connections"
 
 	global help_font
-	set h 35
+	set h 36
 	if [small_height] {
 		set h 30
 	}
@@ -14430,8 +15118,9 @@ proc multilisten_dialog {} {
     This option only applies on Unix or MaOSX when using the supplied
     SSVNC vncviewer.  If you specify your own VNC Viewer it has no effect.
 
-    On Windows (only the stock TightVNC viewer is provided) it has no
-    effect.  On MacOSX if the COTVNC viewer is used it has no effect.
+    On Windows (only the stock TightVNC viewer is provided) it has no effect
+    because the Windows SSVNC can ONLY do "Multiple LISTEN Connections". 
+    Similarly on MacOSX if the COTVNC viewer is used there is no effect.
 
     Rationale:  To play it safe, the Unix vncviewer provided by SSVNC
     (ssvncviewer) only allows one LISTEN reverse connection at a time.
@@ -14646,9 +15335,10 @@ proc do_port_knock {hp mode} {
 	set default_delay 150
 
 	set host [string trim $hp]
+	# XXX host_part
 	regsub {^vnc://} $host "" host
 	regsub {^.*@} $host "" host
-	regsub {:.*$} $host "" host
+	regsub {:[0-9][0-9]*$} $host "" host
 	set host0 [string trim $host]
 
 	if {$host0 == ""} {
@@ -14749,7 +15439,7 @@ proc do_port_knock {hp mode} {
 			set line [string trim $first]
 		}
 
-		if {[regexp {^(.*):(.*)$} $line mv host port]} {
+		if {[regexp {^(.*):([0-9][0-9]*)$} $line mv host port]} {
 			;
 		} else {
 			set host $host0
@@ -14850,7 +15540,7 @@ proc do_port_knock {hp mode} {
 				raise .
 				tk_messageBox -type ok -icon error -message $emess -title "Error: socket -async $host $port"
 			}
-			set socks($i) $s
+			set sockets($i) $s
 			# seems we have to close it immediately to avoid multiple SYN's.
 			# does not help on Win9x.
 			catch {after 30; close $s};
@@ -14868,7 +15558,7 @@ proc do_port_knock {hp mode} {
 
 	if {0} {
 		for {set j 0} {$j < $i} {incr j} {
-			set $s $socks($j)
+			set $s $sockets($j)
 			if {$s != ""} {
 				catch {close $s}	
 			}
@@ -17146,7 +17836,7 @@ proc toggle_vnc_prefix {} {
 	if [regexp -nocase {^vnc://} $vncdisplay] {
 		regsub -nocase {^vnc://} $vncdisplay "" vncdisplay
 	} else {
-		regsub -nocase {^[A-z+]*://} $vncdisplay "" vncdisplay
+		regsub -nocase {^[a-z0-9+]*://} $vncdisplay "" vncdisplay
 		set vncdisplay "Vnc://$vncdisplay"
 	}
 	catch {.f0.e icursor end}
@@ -17174,6 +17864,10 @@ if {! $is_windows} {
 
 set ffont "fixed"
 
+global have_ipv6
+set have_ipv6 ""
+check_for_ipv6
+
 # need to check if "fixed" font under XFT on tk8.5 is actually fixed width!!
 if {$tcl_platform(platform) == "unix"} {
 	set ls ""
@@ -17389,6 +18083,15 @@ if [file exists $ssvncrc] {
 			if [regexp {^killstunnel=0} $str] {
 				set kill_stunnel 0
 			}
+			global have_ipv6
+			if [regexp {^ipv6=1} $str] {
+				set have_ipv6 1
+				set env(SSVNC_IPV6) 1
+			}
+			if [regexp {^ipv6=0} $str] {
+				set have_ipv6 0
+				set env(SSVNC_IPV6) 0
+			}
 			if [regexp {^mycert=(.*)$} $str m val] {
 				set val [string trim $val]
 				set mycert_default $val
@@ -17892,7 +18595,7 @@ for {set i 0} {$i < $argc} {incr i} {
 					break;
 				}
 			}
-			if {! $ok && [regexp {:} $item]} {
+			if {! $ok && [regexp {:[0-9][0-9]*$} $item]} {
 				global vncdisplay
 				set vncdisplay $item
 				set ok 1
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/build.unix b/x11vnc/misc/enhanced_tightvnc_viewer/build.unix
index bd258ed..48c9343 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/build.unix
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/build.unix
@@ -389,7 +389,7 @@ if [ "X$SSVNC_BUILD_SKIP_STUNNEL" = "X" ]; then
 		cp configure configure.orig
 		sed -e "s,/var/ssl,/var/ssl /usr/sfw," configure.orig > configure
 	fi
-	env LDFLAGS="-L$start/$libs $LDFLAGS_OS" CPPFLAGS="$CPPFLAGS_OS" ./configure --disable-libwrap
+	env LDFLAGS="-L$start/$libs $LDFLAGS_OS" CPPFLAGS="$CPPFLAGS_OS" ./configure --disable-libwrap --enable-ipv6
 	make
 	ls -l src/stunnel
 	cd "$start"
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1 b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1
index 46bea26..60c60de 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1
@@ -217,7 +217,7 @@ For example:
 
 or set both of them at once.
 
-To acheive the same effect, you can also
+To achieve the same effect, you can also
 set parameters in your ~/.ssvncrc file, for example:
 
 font_default=helvetica -20 bold
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1 b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1
index a9dd71f..cd5ff0a 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1
@@ -11,7 +11,7 @@
 .\" License as specified in the file LICENCE.TXT that comes with the
 .\" TightVNC distribution.
 .\"
-.TH ssvncviewer 1 "December 2009" "" "SSVNC"
+.TH ssvncviewer 1 "September 2009" "" "SSVNC"
 .SH NAME
 ssvncviewer \- an X viewer client for VNC
 .SH SYNOPSIS
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
index d04ae89..940c9f1 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 rm -rf ./src/tmp/* || exit 1
-vers=1.0.25
+vers=1.0.27
 
 cd .. || exit 1
 
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches
index 8e1ddcc..d12e1d1 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches
@@ -1,5 +1,10 @@
 #!/bin/sh
 
+if [ ! -f ./_getpatches ]; then
+	ls -l ./_getpatches
+	exit 1
+fi
+
 cp -p /dist/src/apps/VNC/tight_vnc_1.3dev5/tight-vncviewer*patch .
 cp -p /dist/src/apps/VNC/tight_vnc_1.3dev5/vnc_unixsrc_vncviewer.patched.tar ../zips/
 
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch
index a511c03..6c4a993 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch
@@ -664,7 +664,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/Vncviewer vnc_unixsrc/vncview
 +
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/vncviewer/argsresources.c
 --- vnc_unixsrc.orig/vncviewer/argsresources.c	2007-02-04 17:10:31.000000000 -0500
-+++ vnc_unixsrc/vncviewer/argsresources.c	2009-11-25 00:02:42.000000000 -0500
++++ vnc_unixsrc/vncviewer/argsresources.c	2010-02-25 21:52:30.000000000 -0500
 @@ -31,9 +31,9 @@
  
  char *fallback_resources[] = {
@@ -2099,7 +2099,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  
  
  /*
-@@ -343,77 +1536,234 @@
+@@ -343,77 +1536,233 @@
   * not already processed by XtVaAppInitialize().  It sets vncServerHost and
   * vncServerPort and all the fields in appData.
   */
@@ -2111,8 +2111,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 -  int i;
 -  char *vncServerName, *colonPos;
 -  int len, portOffset;
-+	int i;
-+	char *vncServerName, *colonPos;
++	char *vncServerName = NULL, *colonPos;
 +	int len, portOffset;
 +	int disp;
  
@@ -2375,7 +2374,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 +			len--;
 +			portOffset = 0;
 +		}
-+		if (!len || strspn(colonPos + 1, "0123456789") != len) {
++		if (!len || strspn(colonPos + 1, "0123456789") != (size_t) len) {
 +			usage();
 +		}
 +#if 0
@@ -2391,7 +2390,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  }
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewer/colour.c
 --- vnc_unixsrc.orig/vncviewer/colour.c	2002-04-30 09:07:31.000000000 -0400
-+++ vnc_unixsrc/vncviewer/colour.c	2009-11-29 22:31:14.000000000 -0500
++++ vnc_unixsrc/vncviewer/colour.c	2010-02-25 22:02:19.000000000 -0500
 @@ -31,9 +31,12 @@
  #define BGR233_SIZE 256
  unsigned long BGR233ToPixel[BGR233_SIZE];
@@ -2524,6 +2523,15 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewe
    }
  
    return bpp;
+@@ -374,7 +442,7 @@
+ 	if (!exactBGR233[i] &&
+ 	    XAllocColor(dpy, cmap, &cmapEntry[i])) {
+ 
+-	  if (cmapEntry[i].pixel == i) {
++	  if ((long) cmapEntry[i].pixel == i) {
+ 
+ 	    shared[i] = True; /* probably shared */
+ 
 @@ -394,16 +462,43 @@
      for (r = 0; r < 8; r++) {
        for (g = 0; g < 8; g++) {
@@ -2582,7 +2590,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewe
  	    if (shared[nearestPixel] && !usedAsNearest[nearestPixel])
  	      nSharedUsed++;
  	    usedAsNearest[nearestPixel] = True;
-@@ -433,6 +528,57 @@
+@@ -433,6 +528,59 @@
    }
  }
  
@@ -2591,7 +2599,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewe
 +{
 +  int r, g, b;
 +  int r2, g2, b2;
-+  long i, idx;
++  long idx;
 +  int cnt = 0;
 +  unsigned long pixel = 0;
 +
@@ -2628,19 +2636,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewe
 +		} else {
 +			idx = (b<<bs) | (g<<gs) | (r<<rs);
 +		}
-+		if (0) fprintf(stderr, "cnt: %5d idx: %5d pixel: 0x%08x\n", cnt, idx, pixel);
++		if (0) fprintf(stderr, "cnt: %5d idx: %lu pixel: 0x%08x\n", cnt, idx, (unsigned int) pixel);
 +		BGR565ToPixel[idx] = pixel;
 +		cnt++;
 +	}
 +      }
 +    }
++	green_mask = 0;
++	blue_mask = 0;
 +}
 +
 +
  
  /*
   * AllocateExactBGR233Colours() attempts to allocate each of the colours in the
-@@ -484,8 +630,13 @@
+@@ -484,8 +632,13 @@
      ri = rn;
      for (gi = 0; gi < gn; gi++) {
        for (bi = 0; bi < bn; bi++) {
@@ -2656,7 +2666,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewe
        }
      }
      rn++;
-@@ -496,8 +647,13 @@
+@@ -496,8 +649,13 @@
      gi = gn;
      for (ri = 0; ri < rn; ri++) {
        for (bi = 0; bi < bn; bi++) {
@@ -2672,7 +2682,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewe
        }
      }
      gn++;
-@@ -507,8 +663,13 @@
+@@ -507,8 +665,13 @@
        bi = bn;
        for (ri = 0; ri < rn; ri++) {
  	for (gi = 0; gi < gn; gi++) {
@@ -2688,7 +2698,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/colour.c vnc_unixsrc/vncviewe
  	}
        }
        bn++;
-@@ -529,18 +690,36 @@
+@@ -529,18 +692,36 @@
  AllocateBGR233Colour(int r, int g, int b)
  {
    XColor c;
@@ -2818,7 +2828,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cp_it vnc_unixsrc/vncviewer/c
 +ls -l ./vncviewer* $dest $yy* $HOME/etv_col/Linux.i686/vncviewer*
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewer/cursor.c
 --- vnc_unixsrc.orig/vncviewer/cursor.c	2003-01-15 04:46:52.000000000 -0500
-+++ vnc_unixsrc/vncviewer/cursor.c	2008-10-18 09:35:02.000000000 -0400
++++ vnc_unixsrc/vncviewer/cursor.c	2010-02-25 22:04:28.000000000 -0500
 @@ -38,8 +38,11 @@
  
  
@@ -2858,6 +2868,24 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewe
  
  Bool HandleXCursor(int xhot, int yhot, int width, int height)
  {
+@@ -124,7 +134,7 @@
+     XQueryBestCursor(dpy, dr, width, height, &wret, &hret);
+   }
+ 
+-  if (width * height == 0 || wret < width || hret < height) {
++  if (width * height == 0 || (int) wret < width || (int) hret < height) {
+     /* Free resources */
+     if (buf != NULL)
+       free(buf);
+@@ -139,7 +149,7 @@
+   fg.green = (unsigned short)colors.foreGreen << 8 | colors.foreGreen;
+   fg.blue  = (unsigned short)colors.foreBlue  << 8 | colors.foreBlue;
+ 
+-  for (i = 0; i < bytesData * 2; i++)
++  for (i = 0; (size_t) i < bytesData * 2; i++)
+     buf[i] = (char)_reverse_byte[(int)buf[i] & 0xFF];
+ 
+   source = XCreateBitmapFromData(dpy, dr, buf, width, height);
 @@ -167,148 +177,179 @@
  
  Bool HandleCursorShape(int xhot, int yhot, int width, int height, CARD32 enc)
@@ -3176,7 +3204,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewe
 -    x = si.framebufferWidth - 1;
 -  if (y >= si.framebufferHeight)
 -    y = si.framebufferHeight - 1;
-+	//fprintf(stderr, "xy: %d %d\n", x, y);
++	/* fprintf(stderr, "xy: %d %d\n", x, y); */
  
 -  SoftCursorMove(x, y);
 -  return True;
@@ -3309,7 +3337,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewe
  }
  
  
-@@ -429,41 +479,170 @@
+@@ -429,41 +479,169 @@
  	  rcLockY + rcLockHeight > rcCursorY - rcHotY);
  }
  
@@ -3372,7 +3400,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewe
 +
 +static void SoftCursorCopyArea(int oper) {
 +	int x, y, w, h;
-+	int xs, ys, ws, hs;
++	int xs = 0, ys = 0, ws = 0, hs = 0;
 +	static int scale_saved = 0, ss_w, ss_h;
 +	int db = 0;
 +
@@ -3398,7 +3426,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewe
 +	}
 +
 +	if (image_scale != NULL && scale_x > 0) {
-+		int i, t = 1;
 +		xs = (int) (x * scale_factor_x);
 +		ys = (int) (y * scale_factor_y);
 +		ws = scale_round(w, scale_factor_x);
@@ -3513,7 +3540,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewe
  }
  
  static void SoftCursorDraw(void)
-@@ -472,43 +651,182 @@
+@@ -472,43 +650,182 @@
    int offset, bytesPerPixel;
    char *pos;
  
@@ -3726,8 +3753,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/cursor.c vnc_unixsrc/vncviewe
 -
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncviewer/desktop.c
 --- vnc_unixsrc.orig/vncviewer/desktop.c	2004-05-28 13:29:29.000000000 -0400
-+++ vnc_unixsrc/vncviewer/desktop.c	2009-11-29 22:05:55.000000000 -0500
-@@ -28,28 +28,498 @@
++++ vnc_unixsrc/vncviewer/desktop.c	2010-02-25 22:32:49.000000000 -0500
+@@ -28,28 +28,497 @@
  #include <X11/extensions/XShm.h>
  #endif
  
@@ -3757,7 +3784,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +int image_is_shm = 0;
  
  static Cursor CreateDotCursor();
-+static Cursor CreateBogoCursor();
  static void CopyBGR233ToScreen(CARD8 *buf, int x, int y, int width,int height);
  static void HandleBasicDesktopEvent(Widget w, XtPointer ptr, XEvent *ev,
  				    Boolean *cont);
@@ -3851,7 +3877,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +void put_image(int src_x, int src_y, int dst_x, int dst_y, int width, int height, int solid);
 +void create_image();
 +
-+// toplevel -> form -> viewport -> desktop
++/* toplevel -> form -> viewport -> desktop */
 +
 +void adjust_Xt_win(int w, int h) {
 +	int x, y, dw, dh, h0 = h;
@@ -3932,7 +3958,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +
 +	if (image_scale == NULL) {
 +		/* switching from not scaled */
-+		int i, start_over = 0;
++		int i;
 +		int Bpl = image->bytes_per_line;
 +		char *dst, *src = image->data;
 +
@@ -4049,7 +4075,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +
 +	SoftCursorUnlockScreen();
 +
-+	fprintf(stderr, "rescale: image_scale=0x%x image=0x%x image_ycrop=0x%x\n", image_scale, image, image_ycrop);
++	fprintf(stderr, "rescale: image_scale=%p image=%p image_ycrop=%p\n", (void *) image_scale, (void *) image, (void *) image_ycrop);
 +	last_rescale = dnow();
 +
 +}
@@ -4222,7 +4248,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		int h = si.framebufferHeight;
 +		if (h > 2 * w) {
 +			fprintf(stderr, "Tall display (%dx%d) suspect 'x11vnc -ncache' mode,\n", w, h);
-+			fprintf(stderr, "  setting auto -ycrop detection.\n", w, h);
++			fprintf(stderr, "  setting auto -ycrop detection.\n");
 +			appData.yCrop = -1;
 +		}
 +	}
@@ -4230,7 +4256,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
  
  /*
   * DesktopInitBeforeRealization creates the "desktop" widget and the viewport
-@@ -59,92 +529,1017 @@
+@@ -59,91 +528,1023 @@
  void
  DesktopInitBeforeRealization()
  {
@@ -4285,7 +4311,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 -  for (i = 0; i < 256; i++)
 -    modifierPressed[i] = False;
 +	if (appData.yCrop) {
-+		int wm, hm;
++		int hm;
 +		if (appData.yCrop < 0) {
 +			appData.yCrop = guessCrop();
 +			fprintf(stderr, "Set -ycrop to: %d\n", appData.yCrop);
@@ -4301,20 +4327,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 -    if (!image)
 -      appData.useShm = False;
 -  }
--#endif
 +		hm *= frac_y;
- 
--  if (!image) {
--    image = XCreateImage(dpy, vis, visdepth, ZPixmap, 0, NULL,
--			 si.framebufferWidth, si.framebufferHeight,
--			 BitmapPad(dpy), 0);
--
--    image->data = malloc(image->bytes_per_line * image->height);
--    if (!image->data) {
--      fprintf(stderr,"malloc failed\n");
--      exit(1);
--    }
--  }
++
 +		XtVaSetValues(toplevel, XtNmaxHeight, hm, XtNheight, hm, NULL);
 +		XtVaSetValues(form,     XtNmaxHeight, hm, XtNheight, hm, NULL);
 +		XtVaSetValues(viewport, XtNforceBars, False, NULL);
@@ -4331,11 +4345,25 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	create_image();
 +}
 +
++#if 0
 +static Widget scrollbar_y = NULL;
-+
 +static int xsst = 2;
+ #endif
+ 
+-  if (!image) {
+-    image = XCreateImage(dpy, vis, visdepth, ZPixmap, 0, NULL,
+-			 si.framebufferWidth, si.framebufferHeight,
+-			 BitmapPad(dpy), 0);
+-
+-    image->data = malloc(image->bytes_per_line * image->height);
+-    if (!image->data) {
+-      fprintf(stderr,"malloc failed\n");
+-      exit(1);
+-    }
+-  }
 +#include <X11/Xaw/Scrollbar.h>
 +
++#if 0
 +static XtCallbackProc Scrolled(Widget w, XtPointer closure, XtPointer call_data) {
 +	Position x, y;
 +	XtVaGetValues(desktop, XtNx, &x, XtNy, &y, NULL);
@@ -4350,6 +4378,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		float t = 0.0;
 +		XtVaSetValues(w, XtNtopOfThumb, &t, NULL);
 +	}
++	if (closure) {}
  }
  
 +static XtCallbackProc Jumped(Widget w, XtPointer closure, XtPointer call_data) {
@@ -4369,12 +4398,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +			XtVaSetValues(w, XtNtopOfThumb, *(XtArgVal*)&t, XtNshown, *(XtArgVal*)&s, NULL);
 +		}
 +	}
++	if (closure) {}
 +}
++#endif
 +
 +extern double dnow(void);
 +
 +void check_things() {
-+	static int installed_callback = 0;
 +	static int first = 1;
 +	static double last_scrollbar = 0.0;
 +	int w = si.framebufferWidth;
@@ -4399,7 +4429,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		wv = XtNameToWidget(viewport, "vertical");
 +		wh = XtNameToWidget(viewport, "horizontal");
 +		if (wc && wv && wh) {
-+			int doit = 1;
 +			int sb = appData.sbWidth;
 +			XtVaGetValues(wv, XtNwidth, &w0, XtNheight, &h0, XtNborderWidth, &b0, XtNx, &x0, XtNy, &y0, NULL);
 +			XtVaGetValues(wh, XtNwidth, &w1, XtNheight, &h1, XtNborderWidth, &b1, XtNx, &x1, XtNy, &y1, NULL);
@@ -4562,8 +4591,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +			appData.useXserverBackingStore = False;
 +		}
 +	}
- 
--  XChangeWindowAttributes(dpy, desktopWin, valuemask, &attr);
++
 +	if (appData.useXserverBackingStore) {
 +		XtVaGetApplicationResources(desktop, (XtPointer)&attr.backing_store,
 +		    desktopBackingStoreResources, 1, NULL);
@@ -4597,13 +4625,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +
 +extern void FreeX11Cursor(void);
 +extern void FreeSoftCursor(void);
-+
+ 
+-  XChangeWindowAttributes(dpy, desktopWin, valuemask, &attr);
 +void
 +DesktopCursorOff()
 +{
-+	XSetWindowAttributes attr;
-+	unsigned long valuemask;
-+
 +	if (dotCursor3 == None) {
 +		dotCursor3 = CreateDotCursor(3);
 +		dotCursor4 = CreateDotCursor(4);
@@ -4615,9 +4641,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	}
 +	FreeX11Cursor();
 +	FreeSoftCursor();
- }
- 
- 
++}
++
++
 +#define CEIL(x)  ( (double) ((int) (x)) == (x) ? \
 +	(double) ((int) (x)) : (double) ((int) (x) + 1) )
 +#define FLOOR(x) ( (double) ((int) (x)) )
@@ -4630,7 +4656,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		i = n - 1;
 +	}
 +	return i;
-+}
+ }
 +#else
 +#define nfix(i, n) ( i < 0 ? 0 : ( (i >= n) ? (n - 1) : i  ) )
 +#endif
@@ -4653,7 +4679,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +
 +	double w, wx, wy, wtot; /* pixel weights */
 +
-+	double x1, y1, x2, y2;  /* x-y coords for destination pixels edges */
++	double x1 = 0, y1, x2 = 0, y2;  /* x-y coords for destination pixels edges */
 +	double dx, dy;          /* size of destination pixel */
 +	double ddx=0, ddy=0;    /* for interpolation expansion */
 +
@@ -4674,7 +4700,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	/* internal */
 +
 +	int X1, X2, Y1, Y2;
-+
+ 
 +	int Nx = si.framebufferWidth;
 +	int Ny = si.framebufferHeight;
 +
@@ -4688,7 +4714,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	unsigned long main_red_mask = image->red_mask;
 +	unsigned long main_green_mask = image->green_mask;
 +	unsigned long main_blue_mask = image->blue_mask;
-+	int mark = 1, n;
++	int mark = 1;
 +
 +	char *src_fb = image_scale->data;
 +	char *dst_fb = image->data;
@@ -4696,7 +4722,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	static int nosolid = -1;
 +	int sbdy = 3;
 +	double fmax = factor_x > factor_y ? factor_x : factor_y;
++#if 0
 +	double fmin = factor_x < factor_y ? factor_x : factor_y;
++#endif
 +
 +	X1 = *px;
 +	X2 = *px + *pw;
@@ -4708,7 +4736,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		sbdy = (int) (2.0 * fmax * sbdy);
 +	}
 +
-+	//fprintf(stderr, "scale_rect: %dx%d+%d+%d\n", *pw, *ph, *px, *py);
++	/* fprintf(stderr, "scale_rect: %dx%d+%d+%d\n", *pw, *ph, *px, *py); */
 +
 +	*px = (int) (*px * factor_x);
 +	*py = (int) (*py * factor_y);
@@ -4808,7 +4836,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +			mag_int = n;
 +		}
 +	}
-+if (0) fprintf(stderr, "X1: %d Y1: %d X2: %d Y2: %d\n", X1, Y1, X2, Y2);//G
++if (0) fprintf(stderr, "X1: %d Y1: %d X2: %d Y2: %d\n", X1, Y1, X2, Y2);
 +
 +	if (mark && !shrink && blend) {
 +		/*
@@ -4892,7 +4920,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	 * Loop over destination pixels in scaled fb:
 +	 */
 +	for (j=j1; j<j2; j++) {
-+		int jbdy = 1, I1_solid;
++		int jbdy = 1, I1_solid = 0;
 +
 +		y1 =  j * dy;	/* top edge */
 +		if (y1 > Ny - 1) {
@@ -4987,7 +5015,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +				I2 = I1 + 1;	/* simple interpolation */
 +				ddx = x1 - I1;
 +			}
-+//if (first) fprintf(stderr, "  I1=%d I2=%d J1=%d J2=%d\n", I1, I2, J1, J2);//G
++#if 0
++if (first) fprintf(stderr, "  I1=%d I2=%d J1=%d J2=%d\n", I1, I2, J1, J2);
++#endif
 +
 +			/* Zero out accumulators for next pixel average: */
 +			for (b=0; b<4; b++) {
@@ -5281,9 +5311,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	}
 +}
 +
-+//fprintf(stderr, "non-shmB image %d %d %d %d %d %d\n", src_x, src_y, dst_x, dst_y, width, height);
-+//fprintf(stderr, "shm image_ycrop %d %d %d %d %d %d\n", 0, 0, dst_x, dst_y, width, height);
-+//fprintf(stderr, "non-shmA image %d %d %d %d %d %d\n", src_x, src_y, dst_x, dst_y, width, height);
++#if 0
++fprintf(stderr, "non-shmB image %d %d %d %d %d %d\n", src_x, src_y, dst_x, dst_y, width, height);
++fprintf(stderr, "shm image_ycrop %d %d %d %d %d %d\n", 0, 0, dst_x, dst_y, width, height);
++fprintf(stderr, "non-shmA image %d %d %d %d %d %d\n", src_x, src_y, dst_x, dst_y, width, height);
++#endif
 +
 +void releaseAllPressedModifiers(void) {
 +	int i;
@@ -5306,25 +5338,25 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +}
 +
 +#define PR_EXPOSE fprintf(stderr, "Expose: %04dx%04d+%04d+%04d %04d/%04d/%04d now: %8.4f rescale: %8.4f fullscreen: %8.4f\n", width, height, x, y, si.framebufferWidth, appData.yCrop, si.framebufferHeight, now - start_time, now - last_rescale, now - last_fullscreen);
-+
+ 
  /*
   * HandleBasicDesktopEvent - deal with expose and leave events.
-  */
-@@ -152,42 +1547,528 @@
+@@ -152,42 +1553,529 @@
  static void
  HandleBasicDesktopEvent(Widget w, XtPointer ptr, XEvent *ev, Boolean *cont)
  {
 -  int i;
-+	int i, x, y, width, height;
-+	static double last_expose = 0.0;
++	int x, y, width, height;
 +	double now = dnow();
+ 
+-  switch (ev->type) {
++	if (w || ptr || cont) {}
 +
 +	if (0) {
 +		PR_EXPOSE;
 +	}
  
--  switch (ev->type) {
- 
++
 +  switch (ev->type) {
    case Expose:
    case GraphicsExpose:
@@ -5452,8 +5484,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	break;
    }
 +	check_things();
- }
- 
++}
++
 +extern Position desktopX, desktopY;
 +
 +void x11vnc_appshare(char *cmd) {
@@ -5548,7 +5580,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +
 +	x2 = -x;
 +	y2 = -y;
- 
++
 +	if (amount == -1.0) {
 +		int dx = horiz;
 +		int dy = vert;
@@ -5593,8 +5625,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	} else if (amount == -1.0) {
 +		XSync(dpy, False);
 +	}
-+}
-+
+ }
+ 
 +void scale_desktop(int bigger, double frac) {
 +	double current, new;
 +	char tmp[100];
@@ -5631,7 +5663,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	if (0.99 < new && new < 1.01) {
 +		new = 1.0;
 +	}
-+
+ 
 +	if (new > 5.0) {
 +		fprintf(stderr, "scale_desktop: not scaling > 5.0: %f\n", new);
 +		return;
@@ -5861,7 +5893,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
  /*
   * SendRFBEvent is an action which sends an RFB event.  It can be used in two
   * ways.  Without any parameters it simply sends an RFB event corresponding to
-@@ -201,127 +2082,406 @@
+@@ -201,127 +2089,406 @@
   * button2 down, 3 for both, etc).
   */
  
@@ -5917,7 +5949,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		}
 +		return;
 +	}
-+
+ 
+-  if (appData.viewOnly) return;
 +	if (appData.fullScreen && ev->type == MotionNotify && !escape_drag_in_progress) {
 +		if (BumpScroll(ev)) {
 +			return;
@@ -6163,8 +6196,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	if (appData.viewOnly) {
 +		return;
 +	}
- 
--  if (appData.viewOnly) return;
++
 +	if (*num_params != 0) {
 +		if (strncasecmp(params[0],"key",3) == 0) {
 +			if (*num_params != 2) {
@@ -6376,14 +6408,30 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
  }
  
  
-@@ -329,26 +2489,207 @@
+@@ -329,68 +2496,255 @@
   * CreateDotCursor.
   */
  
 +#ifndef very_small_dot_cursor
-+static Cursor
+ static Cursor
+-CreateDotCursor()
 +CreateDotCursor(int which)
-+{
+ {
+-  Cursor cursor;
+-  Pixmap src, msk;
+-  static char srcBits[] = { 0, 14,14,14, 0 };
+-  static char mskBits[] = { 14,31,31,31,14 };
+-  XColor fg, bg;
+-
+-  src = XCreateBitmapFromData(dpy, DefaultRootWindow(dpy), srcBits, 5, 5);
+-  msk = XCreateBitmapFromData(dpy, DefaultRootWindow(dpy), mskBits, 5, 5);
+-  XAllocNamedColor(dpy, DefaultColormap(dpy,DefaultScreen(dpy)), "black",
+-		   &fg, &fg);
+-  XAllocNamedColor(dpy, DefaultColormap(dpy,DefaultScreen(dpy)), "white",
+-		   &bg, &bg);
+-  cursor = XCreatePixmapCursor(dpy, src, msk, &fg, &bg, 2, 2);
+-  XFreePixmap(dpy, src);
+-  XFreePixmap(dpy, msk);
 +	Cursor cursor;
 +	Pixmap src, msk;
 +	static char srcBits3[] = { 0x00, 0x02, 0x00 };
@@ -6406,28 +6454,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	cursor = XCreatePixmapCursor(dpy, src, msk, &fg, &bg, 1, 1);
 +	XFreePixmap(dpy, src);
 +	XFreePixmap(dpy, msk);
-+
+ 
+-  return cursor;
 +	return cursor;
-+}
+ }
 +#else
- static Cursor
- CreateDotCursor()
- {
--  Cursor cursor;
--  Pixmap src, msk;
--  static char srcBits[] = { 0, 14,14,14, 0 };
--  static char mskBits[] = { 14,31,31,31,14 };
--  XColor fg, bg;
--
--  src = XCreateBitmapFromData(dpy, DefaultRootWindow(dpy), srcBits, 5, 5);
--  msk = XCreateBitmapFromData(dpy, DefaultRootWindow(dpy), mskBits, 5, 5);
--  XAllocNamedColor(dpy, DefaultColormap(dpy,DefaultScreen(dpy)), "black",
--		   &fg, &fg);
--  XAllocNamedColor(dpy, DefaultColormap(dpy,DefaultScreen(dpy)), "white",
--		   &bg, &bg);
--  cursor = XCreatePixmapCursor(dpy, src, msk, &fg, &bg, 2, 2);
--  XFreePixmap(dpy, src);
--  XFreePixmap(dpy, msk);
++static Cursor
++CreateDotCursor()
++{
 +	Cursor cursor;
 +	Pixmap src, msk;
 +	static char srcBits[] = { 0, 14, 0 };
@@ -6443,11 +6477,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	cursor = XCreatePixmapCursor(dpy, src, msk, &fg, &bg, 1, 1);
 +	XFreePixmap(dpy, src);
 +	XFreePixmap(dpy, msk);
-+
+ 
 +	return cursor;
 +}
 +#endif
-+
+ 
 +int skip_maybe_sync = 0;
 +void maybe_sync(int width, int height) {
 +	static int singles = 0, always_skip = -1;
@@ -6486,13 +6520,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	}
 +#endif
 +}
-+/*
+ /*
+- * CopyDataToScreen.
 + * FillImage.
-+ */
-+
-+void
+  */
+ 
+ void
+-CopyDataToScreen(char *buf, int x, int y, int width, int height)
 +FillScreen(int x, int y, int width, int height, unsigned long fill)
-+{
+ {
+-  if (appData.rawDelay != 0) {
+-    XFillRectangle(dpy, desktopWin, gc, x, y, width, height);
 +	XImage *im = image_scale ? image_scale : image;
 +	int bpp = im->bits_per_pixel;
 +	int Bpp = im->bits_per_pixel / 8;
@@ -6505,13 +6543,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	unsigned int   *uip;
 +	char *scr;
 +	int b0, b1, b2;
-+
-+//fprintf(stderr, "FillImage bpp=%d %04dx%04d+%04d+%04d -- 0x%x\n", bpp, width, height, x, y, fill);
+ 
+-    XSync(dpy,False);
++#if 0
++fprintf(stderr, "FillImage bpp=%d %04dx%04d+%04d+%04d -- 0x%x\n", bpp, width, height, x, y, fill);
++#endif
 +	if (appData.chatOnly) {
 +		return;
 +	}
  
--  return cursor;
+-    usleep(appData.rawDelay * 1000);
+-  }
 +	if (widthInBytes > buflen || !buf)  {
 +		if (buf) {
 +			free(buf);
@@ -6528,7 +6570,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	} else {
 +		b0 = 2; b1 = 1; b2 = 0;
 +	}
-+
+ 
+-  if (!appData.useBGR233) {
+-    int h;
+-    int widthInBytes = width * myFormat.bitsPerPixel / 8;
+-    int scrWidthInBytes = si.framebufferWidth * myFormat.bitsPerPixel / 8;
+-
+-    char *scr = (image->data + y * scrWidthInBytes
+-		 + x * myFormat.bitsPerPixel / 8);
+-
+-    for (h = 0; h < height; h++) {
+-      memcpy(scr, buf, widthInBytes);
+-      buf += widthInBytes;
+-      scr += scrWidthInBytes;
+-    }
+-  } else {
+-    CopyBGR233ToScreen((CARD8 *)buf, x, y, width, height);
+-  }
 +	for (h = 0; h < width; h++) {
 +		if (bpp == 8) {
 +			*(ucp+h) = (unsigned char)  fill;
@@ -6542,7 +6600,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +			*(uip+h) = (unsigned int)   fill;
 +		}
 +	}
-+
+ 
+-#ifdef MITSHM
+-  if (appData.useShm) {
+-    XShmPutImage(dpy, desktopWin, gc, image, x, y, x, y, width, height, False);
+-    return;
+-  }
 +	scr = im->data + y * Bpl + x * Bpp;
 +
 +	for (h = 0; h < height; h++) {
@@ -6561,7 +6624,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +	int Bpl = im->bytes_per_line;
 +	int did2 = 0;
 +
-+//fprintf(stderr, "copy_rect: %04dx%04d+%04d+%04d -- %04d %04d Bpp=%d Bpl=%d\n", width, height, x, y, src_x, src_y, Bpp, Bpl);
++#if 0
++fprintf(stderr, "copy_rect: %04dx%04d+%04d+%04d -- %04d %04d Bpp=%d Bpl=%d\n", width, height, x, y, src_x, src_y, Bpp, Bpl);
+ #endif
+-  XPutImage(dpy, desktopWin, gc, image, x, y, x, y, width, height);
 +	copyrect2:
 +
 +	if (y < src_y) {
@@ -6597,20 +6663,16 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		did2 = 1;
 +		goto copyrect2;
 +	}
- }
- 
- 
-@@ -359,38 +2700,39 @@
- void
- CopyDataToScreen(char *buf, int x, int y, int width, int height)
- {
--  if (appData.rawDelay != 0) {
--    XFillRectangle(dpy, desktopWin, gc, x, y, width, height);
--
--    XSync(dpy,False);
--
--    usleep(appData.rawDelay * 1000);
--  }
++}
++
++
++/*
++ * CopyDataToScreen.
++ */
++
++void
++CopyDataToScreen(char *buf, int x, int y, int width, int height)
++{
 +	if (appData.chatOnly) {
 +		return;
 +	}
@@ -6619,23 +6681,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		XSync(dpy,False);
 +		usleep(appData.rawDelay * 1000);
 +	}
- 
--  if (!appData.useBGR233) {
--    int h;
--    int widthInBytes = width * myFormat.bitsPerPixel / 8;
--    int scrWidthInBytes = si.framebufferWidth * myFormat.bitsPerPixel / 8;
--
--    char *scr = (image->data + y * scrWidthInBytes
--		 + x * myFormat.bitsPerPixel / 8);
--
--    for (h = 0; h < height; h++) {
--      memcpy(scr, buf, widthInBytes);
--      buf += widthInBytes;
--      scr += scrWidthInBytes;
--    }
--  } else {
--    CopyBGR233ToScreen((CARD8 *)buf, x, y, width, height);
--  }
++
 +	if (appData.useBGR233) {
 +		CopyBGR233ToScreen((CARD8 *)buf, x, y, width, height);
 +	} else if (appData.useBGR565) {
@@ -6644,11 +6690,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +		int h;
 +		int widthInBytes = width * myFormat.bitsPerPixel / 8;
 +		int scrWidthInBytes = si.framebufferWidth * myFormat.bitsPerPixel / 8;
++		char *scr;
 +		XImage *im = image_scale ? image_scale : image;
 +
 +		if (scrWidthInBytes != im->bytes_per_line) scrWidthInBytes = im->bytes_per_line;
 +
-+		char *scr = (im->data + y * scrWidthInBytes
++		scr = (im->data + y * scrWidthInBytes
 +		    + x * myFormat.bitsPerPixel / 8);
 +
 +		for (h = 0; h < height; h++) {
@@ -6657,20 +6704,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +			scr += scrWidthInBytes;
 +		}
 +	}
- 
--#ifdef MITSHM
--  if (appData.useShm) {
--    XShmPutImage(dpy, desktopWin, gc, image, x, y, x, y, width, height, False);
--    return;
--  }
--#endif
--  XPutImage(dpy, desktopWin, gc, image, x, y, x, y, width, height);
++
 +	put_image(x, y, x, y, width, height, 0);
 +	maybe_sync(width, height);
  }
  
  
-@@ -401,62 +2743,339 @@
+@@ -401,62 +2755,338 @@
  static void
  CopyBGR233ToScreen(CARD8 *buf, int x, int y, int width, int height)
  {
@@ -6912,7 +6952,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
 +			fprintf(stderr, "Set -ycrop to: %d\n", appData.yCrop);
 +		} else {
 +			int w1 = si.framebufferWidth;
-+			int w0 = old_width;
 +			appData.yCrop = (w1 * appData.yCrop) / old_width;
 +			if (appData.yCrop <= 100)  {
 +				appData.yCrop = guessCrop();
@@ -7066,8 +7105,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/desktop.c vnc_unixsrc/vncview
  }
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncviewer/dialogs.c
 --- vnc_unixsrc.orig/vncviewer/dialogs.c	2000-10-26 15:19:19.000000000 -0400
-+++ vnc_unixsrc/vncviewer/dialogs.c	2009-10-27 00:14:05.000000000 -0400
-@@ -25,75 +25,549 @@
++++ vnc_unixsrc/vncviewer/dialogs.c	2010-02-25 22:33:06.000000000 -0500
+@@ -25,75 +25,564 @@
  #include <X11/Xaw/Dialog.h>
  
  static Bool serverDialogDone = False;
@@ -7096,12 +7135,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +ScaleDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	scaleDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
 +
 +void
 +EscapeDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	escapeDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
 +
 +void dialog_over(Widget wid) {
@@ -7256,6 +7297,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +YCropDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	ycropDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
 +
 +char *
@@ -7301,6 +7343,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +ScbarDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	scbarDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
 +
 +char *
@@ -7346,6 +7389,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +ScaleNDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	scaleNDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
 +
 +char *
@@ -7392,6 +7436,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +QualityDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	qualityDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
 +
 +char *
@@ -7437,6 +7482,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +CompressDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	compressDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
 +
 +char *
@@ -7487,6 +7533,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
  {
 -  serverDialogDone = True;
 +	serverDialogDone = True;
++	if (w || event || params || num_params) {}
  }
  
  char *
@@ -7521,7 +7568,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +	} else {
 +		xtmove(pshell);
 +	}
-+	//dialog_input(pshell);
++#if 0
++	dialog_input(pshell);
++#endif
 +	wm_delete(pshell, "ServerDialogDone()");
 +
 +	serverDialogDone = False;
@@ -7547,6 +7596,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +UserDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +	userDialogDone = True;
++	if (w || event || params || num_params) {}
 +}
  
 -  XtPopdown(pshell);
@@ -7573,7 +7623,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +	} else {
 +		xtmove(pshell);
 +	}
-+	//dialog_input(pshell);
++#if 0
++	dialog_input(pshell);
++#endif
 +	wm_delete(pshell, "UserDialogDone()");
 +
 +	userDialogDone = False;
@@ -7591,11 +7643,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
  }
  
  void
- PasswordDialogDone(Widget w, XEvent *event, String *params,
- 		   Cardinal *num_params)
+-PasswordDialogDone(Widget w, XEvent *event, String *params,
+-		   Cardinal *num_params)
++PasswordDialogDone(Widget w, XEvent *event, String *params, Cardinal *num_params)
  {
 -  passwordDialogDone = True;
 +	passwordDialogDone = True;
++	if (w || event || params || num_params) {}
  }
  
  char *
@@ -7637,7 +7691,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
 +	} else {
 +		xtmove(pshell);
 +	}
-+	//dialog_input(pshell);
++#if 0
++	dialog_input(pshell);
++#endif
 +	wm_delete(pshell, "PasswordDialogDone()");
 +
 +	passwordDialogDone = False;
@@ -7657,8 +7713,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/dialogs.c vnc_unixsrc/vncview
  }
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncviewer/fullscreen.c
 --- vnc_unixsrc.orig/vncviewer/fullscreen.c	2003-10-09 05:23:49.000000000 -0400
-+++ vnc_unixsrc/vncviewer/fullscreen.c	2008-10-25 18:22:14.000000000 -0400
-@@ -27,15 +27,18 @@
++++ vnc_unixsrc/vncviewer/fullscreen.c	2010-02-25 22:37:49.000000000 -0500
+@@ -22,20 +22,24 @@
+  */
+ 
+ #include <vncviewer.h>
++#include <time.h>
+ #include <X11/Xaw/Form.h>
+ #include <X11/Xaw/Viewport.h>
  #include <X11/Xaw/Toggle.h>
  
  static Bool DoBumpScroll();
@@ -7678,7 +7740,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
  
  /*
   * FullScreenOn goes into full-screen mode.  It makes the toplevel window
-@@ -78,112 +81,450 @@
+@@ -78,112 +82,456 @@
   * variables so that FullScreenOff can use them.
   */
  
@@ -7807,7 +7869,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
 +	
 +	int _NET_WM_STATE_REMOVE = 0;
 +	int _NET_WM_STATE_ADD = 1;
++#if 0
 +	int _NET_WM_STATE_TOGGLE = 2;
++#endif
 +	Atom _NET_WM_STATE = XInternAtom(dpy, "_NET_WM_STATE", False);
 +	Atom _NET_WM_STATE_FULLSCREEN = XInternAtom(dpy, "_NET_WM_STATE_FULLSCREEN", False);
 +	XEvent xev;	
@@ -8084,8 +8148,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
 +			XUnmapWindow(dpy, topwin);
 +
 +			XtVaSetValues(toplevel, XtNoverrideRedirect, True, NULL);
-+			//XtVaSetValues(viewport, XtNoverrideRedirect, True, NULL);
-+			//XtVaSetValues(desktop,  XtNoverrideRedirect, True, NULL);
++#if 0
++			XtVaSetValues(viewport, XtNoverrideRedirect, True, NULL);
++			XtVaSetValues(desktop,  XtNoverrideRedirect, True, NULL);
++#endif
 +			XtVaSetValues(popup,    XtNoverrideRedirect, True, NULL);
 +
 +			XReparentWindow(dpy, topwin, DefaultRootWindow(dpy), 0, 0);
@@ -8133,8 +8199,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
 +
 +	/* Now we can set "toplevel" to its proper size. */
 +
-+//	XtVaSetValues(toplevel, XtNwidth, toplevelWidth, XtNheight, toplevelHeight, NULL);
-+//	XtResizeWidget(toplevel, toplevelWidth, toplevelHeight, 0);
++#if 0
++	XtVaSetValues(toplevel, XtNwidth, toplevelWidth, XtNheight, toplevelHeight, NULL);
++	XtResizeWidget(toplevel, toplevelWidth, toplevelHeight, 0);
++#endif
 +	XResizeWindow(dpy, topwin, toplevelWidth, toplevelHeight);
 +
 +	if (do_net_wm) {
@@ -8204,7 +8272,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
  
 -  XSetInputFocus(dpy, DefaultRootWindow(dpy), RevertToPointerRoot,
 -		 CurrentTime);
-+	// original vnc: DefaultRootWindow(dpy) instead of PointerRoot
++	/* original vnc: DefaultRootWindow(dpy) instead of PointerRoot */
 +	XSetInputFocus(dpy, PointerRoot, RevertToPointerRoot, CurrentTime);
  
 -  /* Optionally, grab the keyboard. */
@@ -8220,7 +8288,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
  }
  
  
-@@ -205,28 +546,52 @@
+@@ -205,28 +553,52 @@
  void
  FullScreenOff()
  {
@@ -8287,7 +8355,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
  		XtNhorizDistance, 0,
  		XtNvertDistance, 0,
  		XtNleft, XtChainLeft,
-@@ -235,24 +600,40 @@
+@@ -235,24 +607,42 @@
  		XtNbottom, XtChainBottom,
  		NULL);
  
@@ -8312,8 +8380,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
 -  XtVaSetValues(popup, XtNoverrideRedirect, False, NULL);
 +	if (!do_net_wm) {
 +		XtVaSetValues(toplevel, XtNoverrideRedirect, False, NULL);
-+		//XtVaSetValues(viewport, XtNoverrideRedirect, False, NULL);
-+		//XtVaSetValues(desktop,  XtNoverrideRedirect, False, NULL);
++#if 0
++		XtVaSetValues(viewport, XtNoverrideRedirect, False, NULL);
++		XtVaSetValues(desktop,  XtNoverrideRedirect, False, NULL);
++#endif
 +		XtVaSetValues(popup,    XtNoverrideRedirect, False, NULL);
 +	}
 +
@@ -8345,7 +8415,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
  }
  
  
-@@ -264,10 +645,11 @@
+@@ -264,10 +654,12 @@
  void
  SetFullScreenState(Widget w, XEvent *ev, String *params, Cardinal *num_params)
  {
@@ -8358,10 +8428,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
  }
  
  
-@@ -278,11 +660,11 @@
+@@ -278,11 +670,12 @@
  void
  ToggleFullScreen(Widget w, XEvent *ev, String *params, Cardinal *num_params)
  {
@@ -8375,10 +8446,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
 +	} else {
 +		FullScreenOn();
 +	}
++	if (w || ev || params || num_params) {}
  }
  
  
-@@ -294,84 +676,220 @@
+@@ -294,84 +687,226 @@
  Bool
  BumpScroll(XEvent *ev)
  {
@@ -8545,6 +8617,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
  {
 -  DoBumpScroll();
 +	DoBumpScroll();
++	if (clientData || id) {}
 +}
 +
 +/* not working: */
@@ -8651,18 +8724,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/fullscreen.c vnc_unixsrc/vncv
 +static void
 +JumpScrollTimerCallback(XtPointer clientData, XtIntervalId *id) {
 +	DoJumpScroll();
++	if (clientData || id) {}
 +}
 +void JumpRight(Widget w, XEvent *ev, String *params, Cardinal *num_params) {
 +	JumpScroll(1, 0); 
++	if (w || ev || params || num_params) {}
 +}
 +void JumpLeft(Widget w, XEvent *ev, String *params, Cardinal *num_params) {
 +	JumpScroll(0, 0); 
++	if (w || ev || params || num_params) {}
 +}
 +void JumpUp(Widget w, XEvent *ev, String *params, Cardinal *num_params) {
 +	JumpScroll(1, 1); 
++	if (w || ev || params || num_params) {}
  }
 +void JumpDown(Widget w, XEvent *ev, String *params, Cardinal *num_params) {
 +	JumpScroll(0, 1); 
++	if (w || ev || params || num_params) {}
 +}
 +
 +
@@ -8858,17 +8936,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/hextile.c vnc_unixsrc/vncview
 +#undef FillRectangle
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewer/listen.c
 --- vnc_unixsrc.orig/vncviewer/listen.c	2001-01-16 03:07:57.000000000 -0500
-+++ vnc_unixsrc/vncviewer/listen.c	2009-11-24 18:26:13.000000000 -0500
-@@ -32,6 +32,7 @@
++++ vnc_unixsrc/vncviewer/listen.c	2010-02-25 22:38:43.000000000 -0500
+@@ -32,14 +32,88 @@
  #define FLASHDELAY 1	/* seconds */
  
  Bool listenSpecified = False;
 +pid_t listenParent = 0;
  int listenPort = 0, flashPort = 0;
  
++#if 0
  static Font flashFont;
-@@ -40,6 +41,77 @@
+-
+ static void getFlashFont(Display *d);
  static void flashDisplay(Display *d, char *user);
++#endif
++
  static Bool AllXEventsPredicate(Display *d, XEvent *ev, char *arg);
  
 +void raiseme(int force);
@@ -8945,7 +9027,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  /*
   * listenForIncomingConnections() - listen for incoming connections from
   * servers, and fork a new process to deal with each connection.  We must do
-@@ -58,8 +130,11 @@
+@@ -58,14 +132,18 @@
    int n;
    int i;
    char *displayname = NULL;
@@ -8957,17 +9039,28 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  
    for (i = 1; i < *argc; i++) {
      if (strcmp(argv[i], "-display") == 0 && i+1 < *argc) {
-@@ -108,23 +183,40 @@
+       displayname = argv[i+1];
+     }
+   }
++  if (sock || flashUser || n) {}
+ 
+   if (listenArgIndex+1 < *argc && argv[listenArgIndex+1][0] >= '0' &&
+ 					    argv[listenArgIndex+1][0] <= '9') {
+@@ -108,23 +186,44 @@
      exit(1);
    }
  
 -  getFlashFont(d);
-+//getFlashFont(d);
++#if 0
++getFlashFont(d);
++#endif
  
    listenSocket = ListenAtTcpPort(listenPort);
 -  flashSocket = ListenAtTcpPort(flashPort);
 +
-+//flashSocket = ListenAtTcpPort(flashPort);
++#if 0
++flashSocket = ListenAtTcpPort(flashPort);
++#endif
 +  flashSocket = 1234;
  
    if ((listenSocket < 0) || (flashSocket < 0)) exit(1);
@@ -9004,12 +9097,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  
      /* discard any X events */
      while (XCheckIfEvent(d, &ev, AllXEventsPredicate, NULL))
-@@ -132,12 +224,24 @@
+@@ -132,12 +231,26 @@
  
      FD_ZERO(&fds); 
  
--    FD_SET(flashSocket, &fds);
-+//  FD_SET(flashSocket, &fds);
++#if 0
+     FD_SET(flashSocket, &fds);
++#endif
      FD_SET(listenSocket, &fds);
      FD_SET(ConnectionNumber(d), &fds);
  
@@ -9030,7 +9124,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
      if (FD_ISSET(flashSocket, &fds)) {
  
        sock = AcceptTcpConnection(flashSocket);
-@@ -151,11 +255,66 @@
+@@ -151,11 +264,66 @@
        }
        close(sock);
      }
@@ -9100,12 +9194,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  
        XCloseDisplay(d);
  
-@@ -170,18 +329,28 @@
+@@ -170,18 +338,32 @@
        case 0:
  	/* child - return to caller */
  	close(listenSocket);
--	close(flashSocket);
-+//	close(flashSocket);
++#if 0
+ 	close(flashSocket);
++#endif
 +	if (sml != NULL && !accept_popup_check(argc, argv, sip, sih)) {
 +		close(rfbsock);
 +		rfbsock = -1;
@@ -9122,8 +9217,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  		  programName, XDisplayName(displayname));
  	  exit(1);
  	}
--	getFlashFont(d);
-+//	getFlashFont(d);
++#if 0
+ 	getFlashFont(d);
++#endif
 +	fprintf(stderr,"\n\n%s -listen: Listening on port %d\n",
 +	    programName,listenPort);
 +	fprintf(stderr,"%s -listen: Cmdline errors are not reported until "
@@ -9131,21 +9227,24 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  	break;
        }
      }
-@@ -200,6 +369,13 @@
-   char **fontNames;
-   int nFontNames;
+@@ -193,9 +375,16 @@
+  * getFlashFont
+  */
  
-+#if 1
++#if 0
+ static void
+ getFlashFont(Display *d)
+ {
 +
++#if 1
 +	/* no longer used */
++	if (d) {}
 +	return;
-+
 +#else
-+
-   sprintf(fontName,"-*-courier-bold-r-*-*-%d-*-*-*-*-*-iso8859-1",
- 	  FLASHWIDTH);
-   fontNames = XListFonts(d, fontName, 1, &nFontNames);
-@@ -209,6 +385,9 @@
+   char fontName[256];
+   char **fontNames;
+   int nFontNames;
+@@ -209,6 +398,9 @@
      sprintf(fontName,"fixed");
    }
    flashFont = XLoadFont(d, fontName);
@@ -9155,19 +9254,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  }
  
  
-@@ -222,6 +401,11 @@
-   Window w1, w2, w3, w4;
-   XSetWindowAttributes attr;
- 
+@@ -219,6 +411,11 @@
+ static void
+ flashDisplay(Display *d, char *user)
+ {
 +#if 1
 +	/* no longer used */
++	if (d || user) {}
 +	return;
 +#else
-+
-   XBell(d, 0);
+   Window w1, w2, w3, w4;
+   XSetWindowAttributes attr;
  
-   XForceScreenSaver(d, ScreenSaverReset);
-@@ -284,6 +468,9 @@
+@@ -284,7 +481,11 @@
    XDestroyWindow(d, w3);
    XDestroyWindow(d, w4);
    XFlush(d);
@@ -9175,12 +9274,29 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
 +#endif
 +
  }
++#endif
  
  /*
+  * AllXEventsPredicate is needed to make XCheckIfEvent return all events.
+@@ -293,5 +494,6 @@
+ static Bool
+ AllXEventsPredicate(Display *d, XEvent *ev, char *arg)
+ {
++  if (d || ev || arg) {}
+   return True;
+ }
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/misc.c
 --- vnc_unixsrc.orig/vncviewer/misc.c	2003-01-15 02:58:32.000000000 -0500
-+++ vnc_unixsrc/vncviewer/misc.c	2009-11-28 00:44:24.000000000 -0500
-@@ -33,12 +33,14 @@
++++ vnc_unixsrc/vncviewer/misc.c	2010-02-25 22:44:09.000000000 -0500
+@@ -23,6 +23,7 @@
+ 
+ #include <vncviewer.h>
+ #include <signal.h>
++#include <sys/wait.h>
+ #include <fcntl.h>
+ 
+ static void CleanupSignalHandler(int sig);
+@@ -33,12 +34,20 @@
  
  Dimension dpyWidth, dpyHeight;
  Atom wmDeleteWindow, wmState;
@@ -9192,10 +9308,16 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
  static XtErrorHandler defaultXtErrorHandler;
  
 +int XError_ign = 0;
++
++void check_tall(void);
++int guessCrop(void);
++void get_scale_values(double *fx, double *fy);
++int scale_round(int n, double factor);
++Bool SendTextChatFinished(void);
  
  /*
   * ToplevelInitBeforeRealization sets the title, geometry and other resources
-@@ -48,87 +50,122 @@
+@@ -48,87 +57,122 @@
  void
  ToplevelInitBeforeRealization()
  {
@@ -9395,7 +9517,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
  }
  
  
-@@ -141,14 +178,22 @@
+@@ -141,14 +185,22 @@
  void
  ToplevelInitAfterRealization()
  {
@@ -9426,7 +9548,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
  }
  
  
-@@ -157,9 +202,7 @@
+@@ -157,9 +209,7 @@
   * CurrentTime if the event has no time field.
   */
  
@@ -9437,7 +9559,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
    switch (ev->type) {
    case KeyPress:
    case KeyRelease:
-@@ -192,18 +235,15 @@
+@@ -192,18 +242,16 @@
   * generated by SendRFBEvent.
   */
  
@@ -9461,10 +9583,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
 +		msec = atoi(params[0]);
 +	}
 +	usleep(msec * 1000);
++	if (w || event || params || num_params) {}
  }
  
  
-@@ -264,11 +304,9 @@
+@@ -256,6 +304,7 @@
+   /* Wait for Child 1 to die */
+   wait(&childstatus);
+   
++	if (w || event || params || num_params) {}
+   return;
+ }
+ 
+@@ -264,11 +313,10 @@
   * Quit action - called when we get a "delete window" message.
   */
  
@@ -9475,11 +9606,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
 -  exit(0);
 +void Quit(Widget w, XEvent *event, String *params, Cardinal *num_params) {
 +	Cleanup();
++	if (w || event || params || num_params) {}
 +	exit(0);
  }
  
  
-@@ -276,49 +314,93 @@
+@@ -276,49 +324,94 @@
   * Cleanup - perform any cleanup operations prior to exiting.
   */
  
@@ -9549,7 +9681,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
 +		if (XGetErrorText(dpy, error->error_code, str, 4096)) {
 +			fprintf(stderr, "%s", str);
 +		}
-+		return;
++		return 0;
 +	}
 +	fprintf(stderr,"CleanupXErrorHandler called\n");
 +	check_dbg();
@@ -9590,14 +9722,29 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
 +	fprintf(stderr,"CleanupSignalHandler called\n");
 +	check_dbg();
 +	Cleanup();
++	if (sig) {}
 +	exit(1);
  }
  
  
+@@ -362,7 +455,7 @@
+   if (!XQueryTree(dpy, w, &dummy, &dummy, &children, &nchildren))
+     return False;
+ 
+-  for (i = 0; i < nchildren; i++) {
++  for (i = 0; i < (int) nchildren; i++) {
+     if (IconifyNamedWindow(children[i], name, undo)) {
+       XFree ((char *)children);
+       return True;
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer/popup.c
 --- vnc_unixsrc.orig/vncviewer/popup.c	2000-06-11 08:00:53.000000000 -0400
-+++ vnc_unixsrc/vncviewer/popup.c	2009-10-27 00:14:17.000000000 -0400
-@@ -25,22 +25,59 @@
++++ vnc_unixsrc/vncviewer/popup.c	2010-02-25 22:52:14.000000000 -0500
+@@ -22,25 +22,69 @@
+  */
+ 
+ #include "vncviewer.h"
++#include <time.h>
++#include <sys/wait.h>
  
  #include <X11/Xaw/Form.h>
  #include <X11/Xaw/Command.h>
@@ -9609,6 +9756,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +
  Widget popup, fullScreenToggle;
  
++Bool SendTextChatFinished(void);
++
 +void popupFixer(Widget wid) {
 +	Window rr, cr; 
 +	unsigned int m;
@@ -9631,7 +9780,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +}
 +
 +void Noop(Widget w, XEvent *event, String *params, Cardinal *num_params) {
-+	//fprintf(stderr, "No-op\n");
++	if (0) fprintf(stderr, "No-op\n");
++	if (w || event || params || num_params) {}
 +}
 +
  void
@@ -9652,6 +9802,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	}
 +	XSetWMProtocols(dpy, XtWindow(popup), &wmDeleteWindow, 1);
 +	XtOverrideTranslations(popup, XtParseTranslationTable ("<Message>WM_PROTOCOLS: HidePopup()"));
++	if (w || event || params || num_params) {}
  }
  
  void
@@ -9660,16 +9811,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 -  XtPopdown(popup);
 +HidePopup(Widget w, XEvent *event, String *params, Cardinal *num_params) {
 +	XtPopdown(popup);
++	if (w || event || params || num_params) {}
  }
  
  
-@@ -52,42 +89,786 @@
+@@ -52,42 +96,805 @@
  };
  
  void
 -CreatePopup()
 +CreatePopup() {
-+	Widget buttonForm1, buttonForm2, twoForm, button, prevButton = NULL;
++	Widget buttonForm1, buttonForm2, twoForm, button = 0, prevButton = NULL;
 +	int i;
 +	char buttonName[12];
 +	String buttonType;
@@ -9729,12 +9881,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +  }
 +  XSetWMProtocols(dpy, XtWindow(scaleN), &wmDeleteWindow, 1);
 +  XtOverrideTranslations(scaleN, XtParseTranslationTable ("<Message>WM_PROTOCOLS: HideScaleN()"));
++	if (w || event || params || num_params) {}
 +}
 +
 +void
 +HideScaleN(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +  XtPopdown(scaleN);
++	if (w || event || params || num_params) {}
 +}
 +
 +
@@ -9804,6 +9958,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	appData.qualityLevel=qual;
 +	UpdateQual();
 +#endif
++	if (w || client || p) {}
 +}
 +
 +void qualJumpProc(Widget w, XtPointer client, XtPointer p) {
@@ -9813,6 +9968,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	appData.qualityLevel=qual;
 +	UpdateQual();
 +#endif
++	if (w || client || p) {}
 +}
 +
 +void UpdateSubsampButtons(void) {
@@ -9852,12 +10008,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	}
 +	XSetWMProtocols(dpy, XtWindow(turbovncW), &wmDeleteWindow, 1);
 +	XtOverrideTranslations(turbovncW, XtParseTranslationTable ("<Message>WM_PROTOCOLS: HideTurboVNC()"));
++	if (w || event || params || num_params) {}
 +}
 +
 +void
 +HideTurboVNC(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +  XtPopdown(turbovncW);
++	if (w || event || params || num_params) {}
 +}
 +
 +void
@@ -9920,12 +10078,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +  }
 +  XSetWMProtocols(dpy, XtWindow(qualityW), &wmDeleteWindow, 1);
 +  XtOverrideTranslations(qualityW, XtParseTranslationTable ("<Message>WM_PROTOCOLS: HideQuality()"));
++	if (w || event || params || num_params) {}
 +}
 +
 +void
 +HideQuality(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +  XtPopdown(qualityW);
++	if (w || event || params || num_params) {}
 +}
 +
 +
@@ -9977,12 +10137,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +  }
 +  XSetWMProtocols(dpy, XtWindow(compressW), &wmDeleteWindow, 1);
 +  XtOverrideTranslations(compressW, XtParseTranslationTable ("<Message>WM_PROTOCOLS: HideCompress()"));
++	if (w || event || params || num_params) {}
 +}
 +
 +void
 +HideCompress(Widget w, XEvent *event, String *params, Cardinal *num_params)
 +{
 +  XtPopdown(compressW);
++	if (w || event || params || num_params) {}
 +}
 +
 +
@@ -10031,6 +10193,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +		close(filexfer_listen);
 +		filexfer_listen = -1;
 +	}
++	if (w || event || params || num_params) {}
 +}
 +
 +extern int use_loopback;
@@ -10095,6 +10258,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	}
 +	free(cmd);
 +	filexfer_listen = sock;
++	if (w || event || params || num_params) {}
 +}
 +
 +Widget chat, entry, text;
@@ -10120,6 +10284,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +		XSync(dpy, False);
 +		usleep(200 * 1000);
 +	}
++	if (w || event || params || num_params) {}
 +}
 +
 +void hidechat(void) {
@@ -10142,12 +10307,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	SendTextChatClose();
 +	SendTextChatFinished();
 +	hidechat();
++	if (w || event || params || num_params) {}
 +}
 +
 +void dismiss_proc(Widget w, XtPointer client_data, XtPointer call_data) {
 +	SendTextChatClose();
 +	SendTextChatFinished();
 +	hidechat();
++	if (w || client_data || call_data) {}
 +}
 +
 +extern void printChat(char *, Bool);
@@ -10170,6 +10337,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	}
 +	if (db) fprintf(stderr, "ChatTextCallback: %.4f\n", dnow() - start_time);
 +	CheckTextInput();
++	if (clientData || id) {}
 +}
 +
 +void CheckTextInput(void) {
@@ -10286,7 +10454,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +}
 +
 +void AppendChatInput(char *in) {
-+	int len;
 +	XawTextPosition beg, end;
 +	static XawTextPosition pos = 0;
 +	XawTextBlock txt;
@@ -10298,7 +10465,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	XawTextSetInsertionPoint(text, pos);
 +	beg = XawTextGetInsertionPoint(text);
 +	end = beg;
-+	//fprintf(stderr, "AppendChatInput: pos=%d in= '%s'\n", beg, in);
++#if 0
++	fprintf(stderr, "AppendChatInput: pos=%d in= '%s'\n", beg, in);
++#endif
 +
 +	txt.firstPos = 0;
 +	txt.length = strlen(in);
@@ -10309,18 +10478,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	XawTextSetInsertionPoint(text, beg + txt.length);
 +
 +	pos = XawTextGetInsertionPoint(text);
-+	//fprintf(stderr, "AppendChatInput done pos=%d\n", pos);
++#if 0
++	fprintf(stderr, "AppendChatInput done pos=%d\n", pos);
++#endif
 +}
 +
++#if 0
 +static char errorbuf[1] = {0};
++#endif
 +
 +void CreateChat(void) {
 +
 +	Widget myform, dismiss;
-+	int i, n;
 +	Dimension w = 400, h = 300;
-+	Dimension x = 33, y = 33;
-+	Arg args[10];
 +
 +	chat = XtVaCreatePopupShell("chat", topLevelShellWidgetClass, toplevel, XtNmappedWhenManaged, False, NULL);
 +
@@ -10353,7 +10523,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +Widget msgwin, msgtext;
 +
 +void AppendMsg(char *in) {
-+	int len;
 +	XawTextPosition beg, end;
 +	static XawTextPosition pos = 0;
 +	XawTextBlock txt;
@@ -10381,6 +10550,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	msg_visible = 0;
 +	XSync(dpy, False);
 +	usleep(200 * 1000);
++	if (w || client_data || call_data) {}
 +}
 +
 +void msg_NO_proc(Widget w, XtPointer client_data, XtPointer call_data) {
@@ -10389,13 +10559,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +	msg_NO_clicked = 1;
 +	XSync(dpy, False);
 +	usleep(200 * 1000);
++	if (w || client_data || call_data) {}
 +}
 +
 +int CreateMsg(char *msg, int wait) {
 +
 +	Widget myform, dismiss, reject;
 +	char *p;
-+	int i, n, run, wmax = 0;
++	int n, run, wmax = 0;
 +	int ret = 1;
 +	Dimension w, h;
 +
@@ -10493,16 +10664,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup_ad vnc_unixsrc/vncviewe
 +}
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncviewer/rfbproto.c
 --- vnc_unixsrc.orig/vncviewer/rfbproto.c	2008-09-05 19:51:24.000000000 -0400
-+++ vnc_unixsrc/vncviewer/rfbproto.c	2009-11-27 11:50:35.000000000 -0500
-@@ -23,6 +23,7 @@
++++ vnc_unixsrc/vncviewer/rfbproto.c	2010-02-25 23:27:38.000000000 -0500
+@@ -23,7 +23,10 @@
   * rfbproto.c - functions to deal with client side of RFB protocol.
   */
  
 +#include <sys/stat.h>
  #include <unistd.h>
++#include <time.h>
++#include <ctype.h>
  #include <errno.h>
  #include <pwd.h>
-@@ -31,6 +32,9 @@
+ #include <vncviewer.h>
+@@ -31,6 +34,9 @@
  #include <zlib.h>
  #include <jpeglib.h>
  
@@ -10512,7 +10686,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  static void InitCapabilities(void);
  static Bool SetupTunneling(void);
  static int ReadSecurityType(void);
-@@ -57,6 +61,44 @@
+@@ -57,6 +63,47 @@
  static Bool HandleTight16(int rx, int ry, int rw, int rh);
  static Bool HandleTight32(int rx, int ry, int rw, int rh);
  
@@ -10525,6 +10699,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +static Bool HandleZRLE24Down(int rx, int ry, int rw, int rh);
 +static Bool HandleZRLE32(int rx, int ry, int rw, int rh);
 +
++extern Bool HandleCursorPos(int x, int y);
++extern void printChat(char *, Bool);
++
 +typedef struct {
 +    unsigned long length;
 +} rfbZRLEHeader;
@@ -10557,10 +10734,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  static void ReadConnFailedReason(void);
  static long ReadCompactLen (void);
  
-@@ -67,6 +109,22 @@
+@@ -67,6 +114,25 @@
  static void JpegSetSrcManager(j_decompress_ptr cinfo, CARD8 *compressedData,
                                int compressedLen);
  
++extern void deskey(unsigned char *, int);
++extern void des(unsigned char *, unsigned char *);
++
 +extern int currentMsg;
 +extern double scale_factor_x;
 +extern double scale_factor_y;
@@ -10580,7 +10760,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  int rfbsock;
  char *desktopName;
-@@ -75,6 +133,14 @@
+@@ -75,6 +141,14 @@
  char *serverCutText = NULL;
  Bool newServerCutText = False;
  
@@ -10595,7 +10775,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  int endianTest = 1;
  
  static Bool tightVncProtocol = False;
-@@ -177,8 +243,26 @@
+@@ -177,8 +251,26 @@
  	  sig_rfbEncodingPointerPos, "Pointer position update");
    CapsAdd(encodingCaps, rfbEncodingLastRect, rfbTightVncVendor,
  	  sig_rfbEncodingLastRect, "LastRect protocol extension");
@@ -10622,7 +10802,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  /*
   * ConnectToRFBServer.
-@@ -187,24 +271,167 @@
+@@ -187,24 +279,167 @@
  Bool
  ConnectToRFBServer(const char *hostname, int port)
  {
@@ -10782,7 +10962,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	if (type == rfbSecTypeAnonTls) str = "rfbSecTypeAnonTls";
 +	if (type == rfbSecTypeVencrypt) str = "rfbSecTypeVencrypt";
 +
-+	if (type == rfbUltraVncMsLogon) str = "rfbUltraVncMsLogon";
++	if (type == (int) rfbUltraVncMsLogon) str = "rfbUltraVncMsLogon";
 +	return str;
 +}
 +
@@ -10802,7 +10982,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  /*
   * InitialiseRFBConnection.
   */
-@@ -212,211 +439,649 @@
+@@ -212,211 +447,654 @@
  Bool
  InitialiseRFBConnection(void)
  {
@@ -11164,7 +11344,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		}
 +		dt_out_sc = dnow();
 +		msg_sz = Swap32IfBE(msg_sz);
-+		if (msg_sz < 0 || msg_sz > 1024) {
++		if (msg_sz > 1024) {
 +			fprintf(stderr, "UVNC msg size too big: %d\n", msg_sz);
 +			exit(1);
 +		}
@@ -11290,7 +11470,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	switch (secType) {
 +		case rfbSecTypeNone:
 +			fprintf(stderr, "No VNC authentication needed\n");
-+			if (viewer_minor == 8) {
++			if (viewer_minor >= 8) {
 +				CARD32 authResult;
 +
 +				if (!ReadFromRFBServer((char *)&authResult, 4)) {
@@ -11300,9 +11480,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +				authResult = Swap32IfLE(authResult);
 +
 +				if (authResult == rfbVncAuthOK) {
-+					fprintf(stderr, "VNC authentication succeeded (%d) for rfbSecTypeNone (RFB 3.8)\n", authResult);
++					fprintf(stderr, "VNC authentication succeeded (%d) for rfbSecTypeNone (RFB 3.8)\n", (int) authResult);
 +				} else {
-+					sprintf(msgbuf, "VNC authentication failed (%d) for rfbSecTypeNone (RFB 3.8)\n\n", authResult);
++					sprintf(msgbuf, "VNC authentication failed (%d) for rfbSecTypeNone (RFB 3.8)\n\n", (int) authResult);
 +					wmsg(msgbuf, 1);
 +					return False;
 +				}
@@ -11503,6 +11683,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	CARD8 secType = rfbSecTypeInvalid;
 +	int i, j;
 +
++	if (secTypeNames) {}
++
 +	/* Read the list of security types. */
 +	if (!ReadFromRFBServer((char *)&nSecTypes, sizeof(nSecTypes))) {
 +		return rfbSecTypeInvalid;
@@ -11547,18 +11729,18 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	if (!ReadFromRFBServer((char *)secTypes, nSecTypes)) {
 +		return rfbSecTypeInvalid;
 +	}
- 
--  free(secTypes);
++
 +	if (getenv("SSVNC_DEBUG_SEC_TYPES")) {
 +		for (j = 0; j < (int)nSecTypes; j++) {
 +			fprintf(stderr, "sec-type[%d] %d\n", j, (int) secTypes[j]);
 +		}
 +	}
- 
--  if (secType == rfbSecTypeInvalid)
--    fprintf(stderr, "Server did not offer supported security type\n");
++
 +	/* Find out if the server supports TightVNC protocol extensions */
 +	for (j = 0; j < (int)nSecTypes; j++) {
++		if (getenv("VNCVIEWER_NO_SEC_TYPE_TIGHT")) {
++			break;
++		}
 +		if (getenv("SSVNC_NO_SEC_TYPE_TIGHT")) {
 +			break;
 +		}
@@ -11592,14 +11774,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			break;
 +		}
 +	}
-+
+ 
+-  free(secTypes);
 +	if (secType == rfbSecTypeInvalid) {
 +		fprintf(stderr, "Server did not offer supported security type:\n");
 +		for (j = 0; j < (int)nSecTypes; j++) {
 +			fprintf(stderr, "  sectype[%d] %d\n", j, (int) secTypes[j]);
 +		}
 +	}
-+
+ 
+-  if (secType == rfbSecTypeInvalid)
+-    fprintf(stderr, "Server did not offer supported security type\n");
 +	free(secTypes);
  
 -  return (int)secType;
@@ -11607,7 +11792,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -451,6 +1116,9 @@
+@@ -451,6 +1129,9 @@
    return True;
  }
  
@@ -11617,7 +11802,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  /*
   * Negotiate authentication scheme (protocol version 3.7t)
-@@ -459,58 +1127,388 @@
+@@ -459,58 +1140,406 @@
  static Bool
  PerformAuthenticationTight(void)
  {
@@ -11648,6 +11833,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -  }
 +	if (!caps.nAuthTypes) {
 +		fprintf(stderr, "No VNC authentication needed\n\n");
++		if (viewer_minor >= 8) {
++			CARD32 authResult;
++
++			if (!ReadFromRFBServer((char *)&authResult, 4)) {
++				return False;
++			}
++
++			authResult = Swap32IfLE(authResult);
++
++			if (authResult == rfbVncAuthOK) {
++				fprintf(stderr, "VNC authentication succeeded (%d) for PerformAuthenticationTight rfbSecTypeNone (RFB 3.8)\n", (int) authResult);
++			} else {
++				sprintf(msgbuf, "VNC authentication failed (%d) for PerformAuthenticationTight rfbSecTypeNone (RFB 3.8)\n\n", (int) authResult);
++				wmsg(msgbuf, 1);
++				return False;
++			}
++		}
 +		return True;
 +	}
  
@@ -11713,7 +11915,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			return False;
 +		}
 +	}
-+
+ 
+-  fprintf(stderr, "No suitable authentication schemes offered by server\n");
+-  return False;
 +	sprintf(msgbuf, "No suitable authentication schemes offered by server\n");
 +	wmsg(msgbuf, 1);
 +	return False;
@@ -11780,11 +11984,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			return False;
 +		}
 +	}
-+}
+ }
 +#endif
  
--  fprintf(stderr, "No suitable authentication schemes offered by server\n");
--  return False;
 +static void hexprint(char *label, char *data, int len) {
 +	int i;
 +	fprintf(stderr, "%s: ", label);
@@ -11821,6 +12023,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +}
 +
 +static void try_invert(char *wireuser, char *wirepass, unsigned long long actual_key) {
++	if (wireuser || wirepass || actual_key) {}
 +	return;
 +}
 +
@@ -11837,8 +12040,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		}
 +	}
 +	return result;
- }
- 
++}
++
 +/*
 + * UltraVNC MS-Logon authentication (for v1.0.5 and later.)
 + */
@@ -11903,7 +12106,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +
 +	/* make a random long long: */
 +	uprv = 0xffffffff * (now - (unsigned int) now);
-+	uprv << 32;
++	uprv = uprv << 32;
 +	uprv |= (unsigned long long) urandom();
 +	uprv = uprv % max_dh;
 +
@@ -12048,7 +12251,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  /*
   * Standard VNC authentication.
-@@ -519,80 +1517,115 @@
+@@ -519,80 +1548,119 @@
  static Bool
  AuthenticateVNC(void)
  {
@@ -12067,10 +12270,35 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	int restart = 0;
  
 -  fprintf(stderr, "Performing standard VNC authentication\n");
-+	fprintf(stderr, "\nPerforming standard VNC authentication\n");
++	if (authScheme) {}
  
 -  if (!ReadFromRFBServer((char *)challenge, CHALLENGESIZE))
 -    return False;
++	fprintf(stderr, "\nPerforming standard VNC authentication\n");
+ 
+-  if (appData.passwordFile) {
+-    passwd = vncDecryptPasswdFromFile(appData.passwordFile);
+-    if (!passwd) {
+-      fprintf(stderr, "Cannot read valid password from file \"%s\"\n",
+-	      appData.passwordFile);
+-      return False;
+-    }
+-  } else if (appData.autoPass) {
+-    passwd = buffer;
+-    cstatus = fgets(buffer, sizeof buffer, stdin);
+-    if (cstatus == NULL)
+-       buffer[0] = '\0';
+-    else
+-    {
+-       len = strlen(buffer);
+-       if (len > 0 && buffer[len - 1] == '\n')
+-	  buffer[len - 1] = '\0';
+-    }
+-  } else if (appData.passwordDialog) {
+-    passwd = DoPasswordDialog();
+-  } else {
+-    passwd = getpass("Password: ");
+-  }
 +	if (!ReadFromRFBServer((char *)challenge, CHALLENGESIZE)) {
 +		return False;
 +	}
@@ -12107,33 +12335,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		passwd = getpass("VNC Password: ");
 +	}
  
--  if (appData.passwordFile) {
--    passwd = vncDecryptPasswdFromFile(appData.passwordFile);
--    if (!passwd) {
--      fprintf(stderr, "Cannot read valid password from file \"%s\"\n",
--	      appData.passwordFile);
--      return False;
--    }
--  } else if (appData.autoPass) {
--    passwd = buffer;
--    cstatus = fgets(buffer, sizeof buffer, stdin);
--    if (cstatus == NULL)
--       buffer[0] = '\0';
--    else
--    {
--       len = strlen(buffer);
--       if (len > 0 && buffer[len - 1] == '\n')
--	  buffer[len - 1] = '\0';
--    }
--  } else if (appData.passwordDialog) {
--    passwd = DoPasswordDialog();
--  } else {
--    passwd = getpass("Password: ");
--  }
-+	if (getenv("VNCVIEWER_PASSWORD")) {
-+		putenv("VNCVIEWER_PASSWORD=none");
-+	}
- 
 -  if (!passwd || strlen(passwd) == 0) {
 -    fprintf(stderr, "Reading password failed\n");
 -    return False;
@@ -12141,6 +12342,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -  if (strlen(passwd) > 8) {
 -    passwd[8] = '\0';
 -  }
++	if (getenv("VNCVIEWER_PASSWORD")) {
++		putenv("VNCVIEWER_PASSWORD=none");
++	}
+ 
+-  vncEncryptBytes(challenge, passwd);
 +	if (restart) {
 +#define EN0 0
 +#define DE1 1
@@ -12158,26 +12364,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		}
 +	}
  
--  vncEncryptBytes(challenge, passwd);
-+	vncEncryptBytes(challenge, passwd);
-+	
- 
 -  /* Lose the password from memory */
 -  memset(passwd, '\0', strlen(passwd));
++	vncEncryptBytes(challenge, passwd);
++	
  
 -  if (!WriteExact(rfbsock, (char *)challenge, CHALLENGESIZE))
 -    return False;
-+//	/* Lose the password from memory */
-+//	memset(passwd, '\0', strlen(passwd));
  
 -  if (!ReadFromRFBServer((char *)&authResult, 4))
 -    return False;
-+	if (!WriteExact(rfbsock, (char *)challenge, CHALLENGESIZE)) {
-+		return False;
-+	}
++#if 0
++	/* Lose the password from memory */
++	memset(passwd, '\0', strlen(passwd));
++#endif
  
 -  authResult = Swap32IfLE(authResult);
-+	if (!ReadFromRFBServer((char *)&authResult, 4)) {
++	if (!WriteExact(rfbsock, (char *)challenge, CHALLENGESIZE)) {
 +		return False;
 +	}
  
@@ -12196,9 +12399,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -	    (int)authResult);
 -    return False;
 -  }
-+	authResult = Swap32IfLE(authResult);
++	if (!ReadFromRFBServer((char *)&authResult, 4)) {
++		return False;
++	}
  
 -  return True;
++	authResult = Swap32IfLE(authResult);
++
 +	switch (authResult) {
 +	case rfbVncAuthOK:
 +		fprintf(stderr, "VNC authentication succeeded\n\n");
@@ -12227,7 +12434,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  /*
-@@ -602,68 +1635,75 @@
+@@ -602,68 +1670,77 @@
  static Bool
  AuthenticateUnixLogin(void)
  {
@@ -12304,8 +12511,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
 -  /* Lose the password from memory */
 -  memset(passwd, '\0', strlen(passwd));
-+//	/* Lose the password from memory */
-+//	memset(passwd, '\0', strlen(passwd));
++#if 0
++	/* Lose the password from memory */
++	memset(passwd, '\0', strlen(passwd));
++#endif
  
 -  if (!ReadFromRFBServer((char *)&authResult, sizeof(authResult)))
 -    return False;
@@ -12355,7 +12564,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -675,19 +1715,20 @@
+@@ -675,19 +1752,20 @@
  static Bool
  ReadInteractionCaps(void)
  {
@@ -12388,21 +12597,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -700,19 +1741,67 @@
- static Bool
- ReadCapabilityList(CapsContainer *caps, int count)
- {
+@@ -697,22 +1775,70 @@
+  * many records to read from the socket.
+  */
+ 
+-static Bool
+-ReadCapabilityList(CapsContainer *caps, int count)
+-{
 -  rfbCapabilityInfo msginfo;
 -  int i;
++static Bool
++ReadCapabilityList(CapsContainer *caps, int count)
++{
 +	rfbCapabilityInfo msginfo;
 +	int i;
- 
--  for (i = 0; i < count; i++) {
--    if (!ReadFromRFBServer((char *)&msginfo, sz_rfbCapabilityInfo))
--      return False;
--    msginfo.code = Swap32IfLE(msginfo.code);
--    CapsEnable(caps, &msginfo);
--  }
++
 +	for (i = 0; i < count; i++) {
 +		if (!ReadFromRFBServer((char *)&msginfo, sz_rfbCapabilityInfo)) {
 +			return False;
@@ -12410,14 +12619,20 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		msginfo.code = Swap32IfLE(msginfo.code);
 +		CapsEnable(caps, &msginfo);
 +	}
- 
--  return True;
++
 +	return True;
 +}
 +
-+
+ 
+-  for (i = 0; i < count; i++) {
+-    if (!ReadFromRFBServer((char *)&msginfo, sz_rfbCapabilityInfo))
+-      return False;
+-    msginfo.code = Swap32IfLE(msginfo.code);
+-    CapsEnable(caps, &msginfo);
+-  }
 +/* used to have !tunnelSpecified */
-+
+ 
+-  return True;
 +static int guess_compresslevel(void) {
 +	int n;
 +	if (latency > 200.0) {
@@ -12465,7 +12680,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  /*
   * SetFormatAndEncodings.
-@@ -729,6 +1818,17 @@
+@@ -729,6 +1855,21 @@
    Bool requestCompressLevel = False;
    Bool requestQualityLevel = False;
    Bool requestLastRectEncoding = False;
@@ -12479,11 +12694,15 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	tQLmax = 100;
 +#endif
 +
-+//  fprintf(stderr, "SetFormatAndEncodings: sent_FBU state: %2d\n", sent_FBU);
++	if (requestTextChatEncoding || requestSubsampLevel || tQL) {}
++
++#if 0
++  fprintf(stderr, "SetFormatAndEncodings: sent_FBU state: %2d\n", sent_FBU);
++#endif
  
    spf.type = rfbSetPixelFormat;
    spf.format = myFormat;
-@@ -736,15 +1836,32 @@
+@@ -736,15 +1877,32 @@
    spf.format.greenMax = Swap16IfLE(spf.format.greenMax);
    spf.format.blueMax = Swap16IfLE(spf.format.blueMax);
  
@@ -12516,7 +12735,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
      do {
        char *nextEncStr = strchr(encStr, ' ');
        if (nextEncStr) {
-@@ -754,50 +1871,102 @@
+@@ -754,50 +1912,102 @@
  	encStrLen = strlen(encStr);
        }
  
@@ -12635,7 +12854,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRichCursor);
        if (se->nEncodings < MAX_ENCODINGS)
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingPointerPos);
-@@ -806,10 +1975,16 @@
+@@ -806,10 +2016,16 @@
      if (se->nEncodings < MAX_ENCODINGS && requestLastRectEncoding) {
        encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect);
      }
@@ -12655,7 +12874,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  	fprintf(stderr,"Same machine: preferring raw encoding\n");
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRaw);
        } else {
-@@ -818,44 +1993,84 @@
+@@ -818,44 +2034,84 @@
      }
  
      encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCopyRect);
@@ -12762,7 +12981,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
    return True;
  }
-@@ -868,31 +2083,86 @@
+@@ -868,31 +2124,86 @@
  Bool
  SendIncrementalFramebufferUpdateRequest()
  {
@@ -12792,14 +13011,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -  rfbFramebufferUpdateRequestMsg fur;
 +	rfbFramebufferUpdateRequestMsg fur;
 +	static int db = -1;
-+
-+	if (db < 0) {
-+		if (getenv("SSVNC_DEBUG_RECTS")) {
-+			db = atoi(getenv("SSVNC_DEBUG_RECTS"));
-+		} else {
-+			db = 0;
-+		}
-+	}
  
 -  fur.type = rfbFramebufferUpdateRequest;
 -  fur.incremental = incremental ? 1 : 0;
@@ -12807,10 +13018,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -  fur.y = Swap16IfLE(y);
 -  fur.w = Swap16IfLE(w);
 -  fur.h = Swap16IfLE(h);
-+	if (db) fprintf(stderr, "SendFramebufferUpdateRequest(%d, %d, %d, %d, incremental=%d)\n", x, y, w, h, (int) incremental);
++	if (db < 0) {
++		if (getenv("SSVNC_DEBUG_RECTS")) {
++			db = atoi(getenv("SSVNC_DEBUG_RECTS"));
++		} else {
++			db = 0;
++		}
++	}
  
 -  if (!WriteExact(rfbsock, (char *)&fur, sz_rfbFramebufferUpdateRequestMsg))
 -    return False;
++	if (db) fprintf(stderr, "SendFramebufferUpdateRequest(%d, %d, %d, %d, incremental=%d)\n", x, y, w, h, (int) incremental);
+ 
+-  return True;
 +	if (dyn < 0) {
 +		struct stat sb;
 +		if (getenv("USER") && !strcmp(getenv("USER"), "runge")) {
@@ -12825,8 +13045,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			dyn = 1;
 +		}
 +	}
- 
--  return True;
++
 +	if (appData.fileActive && filexfer_sock >= 0) {
 +		static int first = 1;
 +		if (first) {
@@ -12862,7 +13081,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -903,19 +2173,36 @@
+@@ -903,19 +2214,38 @@
  Bool
  SendPointerEvent(int x, int y, int buttonMask)
  {
@@ -12871,7 +13090,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +
 +	if (appData.fileActive) {
 +		if (!dyn || time(NULL) < last_filexfer + delay_filexfer) {
-+			//fprintf(stderr, "skip SendPointerEvent: %d - %d\n", last_filexfer, time(NULL));
++#if 0
++			fprintf(stderr, "skip SendPointerEvent: %d - %d\n", last_filexfer, time(NULL));
++#endif
 +			return True;
 +		}
 +	}
@@ -12911,7 +13132,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -926,12 +2213,20 @@
+@@ -926,12 +2256,22 @@
  Bool
  SendKeyEvent(CARD32 key, Bool down)
  {
@@ -12920,7 +13141,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +
 +	if (appData.fileActive) {
 +		if (!dyn || time(NULL) < last_filexfer + delay_filexfer) {
-+			//fprintf(stderr, "skip SendPointerEvent: %d - %d\n", last_filexfer, time(NULL));
++#if 0
++			fprintf(stderr, "skip SendPointerEvent: %d - %d\n", last_filexfer, time(NULL));
++#endif
 +			return True;
 +		}
 +	}
@@ -12937,7 +13160,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -942,281 +2237,1024 @@
+@@ -942,281 +2282,1025 @@
  Bool
  SendClientCutText(char *str, int len)
  {
@@ -12951,7 +13174,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +
 +	if (appData.fileActive) {
 +		if (!dyn || time(NULL) < last_filexfer + delay_filexfer) {
-+			// ultravnc java viewer lets this one through.
++			/* ultravnc java viewer lets this one through. */
 +			return True;
 +		}
 +	}
@@ -12969,7 +13192,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -  return  (WriteExact(rfbsock, (char *)&cct, sz_rfbClientCutTextMsg) &&
 -	   WriteExact(rfbsock, str, len));
 +	cct.type = rfbClientCutText;
-+	cct.length = Swap32IfLE(len);
++	cct.length = Swap32IfLE((unsigned int) len);
 +	currentMsg = rfbClientCutText;
 +	return  (WriteExact(rfbsock, (char *)&cct, sz_rfbClientCutTextMsg) &&
 +	    WriteExact(rfbsock, str, len));
@@ -13086,7 +13309,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	chat.pad1 = 0;
 +	chat.pad2 = 0;
 +	chat.length = (unsigned int) strlen(str);
-+	if (db) fprintf(stderr, "SendTextChat: %d '%s'\n", chat.length, str);
++	if (db) fprintf(stderr, "SendTextChat: %d '%s'\n", (int) chat.length, str);
 +	chat.length = Swap32IfLE(chat.length);
 +	if (!WriteExact(rfbsock, (char *)&chat, sz_rfbTextChatMsg)) {
 +		return False;
@@ -13110,8 +13333,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +Bool
 +SendTextChatOpen(void)
 +{
-+	raiseme(0);
 +	rfbTextChatMsg chat;
+ 
+-    msg.fu.nRects = Swap16IfLE(msg.fu.nRects);
++	raiseme(0);
 +	chat.type = rfbTextChat;
 +	chat.pad1 = 0;
 +	chat.pad2 = 0;
@@ -13119,7 +13344,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	return WriteExact(rfbsock, (char *)&chat, sz_rfbTextChatMsg);
 +}
  
--    msg.fu.nRects = Swap16IfLE(msg.fu.nRects);
+-    for (i = 0; i < msg.fu.nRects; i++) {
+-      if (!ReadFromRFBServer((char *)&rect, sz_rfbFramebufferUpdateRectHeader))
+-	return False;
 +Bool
 +SendTextChatClose(void)
 +{
@@ -13132,9 +13359,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	return WriteExact(rfbsock, (char *)&chat, sz_rfbTextChatMsg);
 +}
  
--    for (i = 0; i < msg.fu.nRects; i++) {
--      if (!ReadFromRFBServer((char *)&rect, sz_rfbFramebufferUpdateRectHeader))
--	return False;
+-      rect.encoding = Swap32IfLE(rect.encoding);
+-      if (rect.encoding == rfbEncodingLastRect)
+-	break;
 +Bool
 +SendTextChatFinished(void)
 +{
@@ -13189,35 +13416,35 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	unsigned int len;
 +
 +        int rfbDirContentRequest = 1;
-+        int rfbDirPacket = 2; // Full directory name or full file name.
++        int rfbDirPacket = 2; /* Full directory name or full file name. */
 +        int rfbFileTransferRequest = 3;
 +        int rfbFileHeader = 4;
-+        int rfbFilePacket = 5; // One slice of the file
++        int rfbFilePacket = 5; /* One slice of the file */
 +        int rfbEndOfFile = 6;
 +        int rfbAbortFileTransfer = 7;
 +        int rfbFileTransferOffer = 8;
-+        int rfbFileAcceptHeader = 9; // The server accepts or rejects the file
++        int rfbFileAcceptHeader = 9; /* The server accepts or rejects the file */
 +        int rfbCommand = 10;
 +        int rfbCommandReturn = 11;
 +        int rfbFileChecksums = 12;
 +
-+        int rfbRDirContent = 1; // Request a Server Directory contents
-+        int rfbRDrivesList = 2; // Request the server's drives list
++        int rfbRDirContent = 1; /* Request a Server Directory contents */
++        int rfbRDrivesList = 2; /* Request the server's drives list */
 +
-+        int rfbADirectory = 1; // Reception of a directory name
-+        int rfbAFile = 2; // Reception of a file name 
-+        int rfbADrivesList = 3; // Reception of a list of drives
-+        int rfbADirCreate = 4; // Response to a create dir command 
-+        int rfbADirDelete = 5; // Response to a delete dir command 
-+        int rfbAFileCreate = 6; // Response to a create file command 
-+        int rfbAFileDelete = 7; // Response to a delete file command
++        int rfbADirectory = 1; /* Reception of a directory name */
++        int rfbAFile = 2; /* Reception of a file name  */
++        int rfbADrivesList = 3; /* Reception of a list of drives */
++        int rfbADirCreate = 4; /* Response to a create dir command  */
++        int rfbADirDelete = 5; /* Response to a delete dir command  */
++        int rfbAFileCreate = 6; /* Response to a create file command  */
++        int rfbAFileDelete = 7; /* Response to a delete file command */
 +
-+        int rfbCDirCreate = 1; // Request the server to create the given directory
-+        int rfbCDirDelete = 2; // Request the server to delete the given directory
-+        int rfbCFileCreate = 3; // Request the server to create the given file
-+        int rfbCFileDelete = 4; // Request the server to delete the given file
++        int rfbCDirCreate = 1; /* Request the server to create the given directory */
++        int rfbCDirDelete = 2; /* Request the server to delete the given directory */
++        int rfbCFileCreate = 3; /* Request the server to create the given file */
++        int rfbCFileDelete = 4; /* Request the server to delete the given file */
 +
-+        int rfbRErrorUnknownCmd = 1; // Unknown FileTransfer command.
++        int rfbRErrorUnknownCmd = 1; /* Unknown FileTransfer command. */
 +#define rfbRErrorCmd 0xFFFFFFFF
 +
 +	static int db = -1;
@@ -13227,13 +13454,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	if (filexfer_sock < 0) {
 +		return True;
 +	}
-+	// instead, we read and discard the ft msg data.
++	/* instead, we read and discard the ft msg data. */
 +#endif
- 
--      rect.encoding = Swap32IfLE(rect.encoding);
--      if (rect.encoding == rfbEncodingLastRect)
--	break;
-+//fprintf(stderr, "In  HandleFileXfer\n");
++
++/*fprintf(stderr, "In  HandleFileXfer\n"); */
  
 -      rect.r.x = Swap16IfLE(rect.r.x);
 -      rect.r.y = Swap16IfLE(rect.r.y);
@@ -13259,12 +13483,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -	if (!HandleCursorPos(rect.r.x, rect.r.y)) {
 -	  return False;
 +	last_filexfer = time(NULL);
-+	//fprintf(stderr, "last_filexfer-1: %d\n", last_filexfer);
++	/*fprintf(stderr, "last_filexfer-1: %d\n", last_filexfer); */
 +
-+	// load first byte to send to Java be the FT msg number:
++	/* load first byte to send to Java be the FT msg number: */
 +	hdr[0] = rfbFileTransfer;
 +
-+	// this is to avoid XtAppProcessEvent() calls induce by our ReadFromRFBServer calls below:
++	/* this is to avoid XtAppProcessEvent() calls induce by our ReadFromRFBServer calls below: */
 +	skip_XtUpdateAll = 1;
 +	if (!ReadFromRFBServer(&hdr[1], 11)) {
 +		skip_XtUpdateAll = 0;
@@ -13340,7 +13564,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +				int timeH4 = (unsigned char) fxfer[11];
 +				if (dattr != 0) {
 +					if (timeH1 == 0 && timeH2 == 0 && timeH3 == 0 && timeH4 == 0) {
-+						if (timeL1 != 0 || timeL2 != 0 && timeL3 != 0 && timeL4 != 0) {
++						if ((timeL1 != 0 || timeL2 != 0) && timeL3 != 0 && timeL4 != 0) {
 +							if (!guess_x11vnc) fprintf(stderr, "guessed x11vnc server\n");
 +							guess_x11vnc = 1;
 +						}
@@ -13358,14 +13582,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +
 +	len = (hdr[4] << 24) | (hdr[5] << 16) | (hdr[6] << 8) | hdr[7];
 +	if (db) fprintf(stderr, "Got rfbFileTransfer: len2 %u\n", len);
- 
--      /* If RichCursor encoding is used, we should prevent collisions
--	 between framebuffer updates and cursor drawing operations. */
--      SoftCursorLockArea(rect.r.x, rect.r.y, rect.r.w, rect.r.h);
++
 +#if 0
 +	if (hdr[1] == rfbFileHeader && len != rfbRErrorCmd)
 +#else
-+	// the extra 4 bytes get send on rfbRErrorCmd as well.
++	/* the extra 4 bytes get send on rfbRErrorCmd as well. */
 +	if (hdr[1] == rfbFileHeader) {
 +#endif
 +		int is_err = 0;
@@ -13395,14 +13616,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		}
 +	}
  
--      switch (rect.encoding) {
+-      /* If RichCursor encoding is used, we should prevent collisions
+-	 between framebuffer updates and cursor drawing operations. */
+-      SoftCursorLockArea(rect.r.x, rect.r.y, rect.r.w, rect.r.h);
 +	read_no_more:
-+
+ 
+-      switch (rect.encoding) {
 +	if (filexfer_sock < 0) {
 +		int stop = 0;
 +		static time_t last_stop = 0;
 +#if 0
-+		// this isn't working
++		/* this isn't working */
 +		if (hdr[1] == rfbFilePacket || hdr[1] == rfbFileHeader) {
 +			fprintf(stderr, "filexfer_sock closed, trying to abort receive\n");
 +			stop = 1;
@@ -13429,7 +13653,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -	linesToRead = BUFFER_SIZE / bytesPerLine;
 +	if (db) fprintf(stderr, "CFX: B\n");
 +	CheckFileXfer();
-+//fprintf(stderr, "Out HandleFileXfer\n");
++/*fprintf(stderr, "Out HandleFileXfer\n"); */
 +	return True;
 +}
  
@@ -13471,7 +13695,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		}
 +	}
 +
-+//fprintf(stderr, "msg.type: %d\n", msg.type);
++/*fprintf(stderr, "msg.type: %d\n", msg.type); */
  
 -      case rfbEncodingCopyRect:
 -      {
@@ -13575,29 +13799,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  	break;
 -      }
 +    }
- 
--      case rfbEncodingHextile:
--      {
--	switch (myFormat.bitsPerPixel) {
--	case 8:
--	  if (!HandleHextile8(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
--	    return False;
--	  break;
--	case 16:
--	  if (!HandleHextile16(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
--	    return False;
--	  break;
--	case 32:
--	  if (!HandleHextile32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
--	    return False;
--	  break;
++
 +    case rfbFramebufferUpdate:
 +    {
 +	rfbFramebufferUpdateRectHeader rect;
 +	int linesToRead;
 +	int bytesPerLine;
 +	int i;
-+	int usecs;
 +
 +	int area_copyrect = 0;
 +	int area_tight = 0;
@@ -13610,6 +13818,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	int cnt_pseudo = 0;
 +	int cnt_image  = 0;
 +
++	int skip_incFBU = 0;
++
 +	if (db) fprintf(stderr, "FBU-0:    %.6f\n", dnow());
 +	if (rdb < 0) {
 +		if (getenv("SSVNC_DEBUG_RECTS")) {
@@ -13617,9 +13827,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		} else {
 +			rdb = 0;
 +		}
- 	}
--	break;
--      }
++	}
 +	if (delay_sync < 0) {
 +		if (getenv("SSVNC_DELAY_SYNC")) {
 +			delay_sync = atoi(getenv("SSVNC_DELAY_SYNC"));
@@ -13629,22 +13837,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		}
 +	}
 +
-+	int skip_incFBU = 0;
 +	sent_FBU = -1;
  
--      case rfbEncodingZlib:
+-      case rfbEncodingHextile:
 -      {
 -	switch (myFormat.bitsPerPixel) {
 -	case 8:
--	  if (!HandleZlib8(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	  if (!HandleHextile8(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
 -	    return False;
 -	  break;
 -	case 16:
--	  if (!HandleZlib16(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	  if (!HandleHextile16(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
 -	    return False;
 -	  break;
 -	case 32:
--	  if (!HandleZlib32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	  if (!HandleHextile32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
 -	    return False;
 -	  break;
 +	if (appData.pipelineUpdates) {
@@ -13659,39 +13866,46 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		XSendEvent(dpy, XtWindow(desktop), False, 0, &ev);
  	}
 -	break;
--     }
+-      }
  
--      case rfbEncodingTight:
+-      case rfbEncodingZlib:
 -      {
 -	switch (myFormat.bitsPerPixel) {
 -	case 8:
--	  if (!HandleTight8(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	  if (!HandleZlib8(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
 -	    return False;
 -	  break;
 -	case 16:
--	  if (!HandleTight16(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	  if (!HandleZlib16(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
 -	    return False;
 -	  break;
 -	case 32:
--	  if (!HandleTight32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	  if (!HandleZlib32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
 -	    return False;
 -	  break;
 +	if (!ReadFromRFBServer(((char *)&msg.fu) + 1, sz_rfbFramebufferUpdateMsg - 1)) {
 +		return False;
  	}
 -	break;
--      }
+-     }
  
--      default:
--	fprintf(stderr,"Unknown rect encoding %d\n",
--		(int)rect.encoding);
--	return False;
--      }
+-      case rfbEncodingTight:
+-      {
+-	switch (myFormat.bitsPerPixel) {
+-	case 8:
+-	  if (!HandleTight8(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	    return False;
+-	  break;
+-	case 16:
+-	  if (!HandleTight16(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	    return False;
+-	  break;
+-	case 32:
+-	  if (!HandleTight32(rect.r.x,rect.r.y,rect.r.w,rect.r.h))
+-	    return False;
+-	  break;
 +	msg.fu.nRects = Swap16IfLE(msg.fu.nRects);
- 
--      /* Now we may discard "soft cursor locks". */
--      SoftCursorUnlockScreen();
--    }
++
 +	if (rdb) fprintf(stderr, "Begin rect loop %d\n", msg.fu.nRects);
 +
 +	if (delay_sync) {
@@ -13728,8 +13942,15 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		} \
 +		try_delay_sync = 0; \
 +		skip_maybe_sync = 0; \
-+	}
-+
+ 	}
+-	break;
+-      }
+ 
+-      default:
+-	fprintf(stderr,"Unknown rect encoding %d\n",
+-		(int)rect.encoding);
+-	return False;
+-      }
 +	for (i = 0; i < msg.fu.nRects; i++) {
 +		if (!ReadFromRFBServer((char *)&rect, sz_rfbFramebufferUpdateRectHeader)) {
 +			return False;
@@ -13745,7 +13966,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		rect.r.w = Swap16IfLE(rect.r.w);
 +		rect.r.h = Swap16IfLE(rect.r.h);
 +
-+		if (rdb > 1) fprintf(stderr, "nRects: %d  i=%d enc: %d   %dx%d+%d+%d\n", msg.fu.nRects, i, rect.encoding, rect.r.w, rect.r.h, rect.r.x, rect.r.y); 
++		if (rdb > 1) fprintf(stderr, "nRects: %d  i=%d enc: %d   %dx%d+%d+%d\n", msg.fu.nRects, i, (int) rect.encoding, rect.r.w, rect.r.h, rect.r.x, rect.r.y); 
 +			
 +		if (rect.encoding == rfbEncodingXCursor || rect.encoding == rfbEncodingRichCursor) {
 +			cnt_pseudo++;
@@ -13786,7 +14007,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			fprintf(stderr,"New Size: %dx%d at (%d, %d)\n", rect.r.w, rect.r.h, rect.r.x, rect.r.y);
 +			si.framebufferWidth = rect.r.w;
 +			si.framebufferHeight = rect.r.h;
-+			//fprintf(stderr, "si: %d %d\n", si.framebufferWidth, si.framebufferHeight);
++			/*fprintf(stderr, "si: %d %d\n", si.framebufferWidth, si.framebufferHeight); */
 +			ReDoDesktop();
 +			continue;
 +		}
@@ -13804,12 +14025,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			case rfbEncodingRRE:
 +			case rfbEncodingCoRRE:
 +			case rfbEncodingHextile:
-+			//case rfbEncodingUltra:
-+//			case rfbEncodingZlib:
-+			//case rfbEncodingXOR_Zlib:
-+			//case rfbEncodingXORMultiColor_Zlib:
-+			//case rfbEncodingXORMonoColor_Zlib:
-+			//case rfbEncodingSolidColor:
++			/*case rfbEncodingUltra: */
++/*			case rfbEncodingZlib: */
++			/*case rfbEncodingXOR_Zlib: */
++			/*case rfbEncodingXORMultiColor_Zlib: */
++			/*case rfbEncodingXORMonoColor_Zlib: */
++			/*case rfbEncodingSolidColor: */
 +			case rfbEncodingTight:
 +			case rfbEncodingZlibHex:
 +			case rfbEncodingZRLE:
@@ -13826,14 +14047,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		    (rect.r.y + rect.r.h > si.framebufferHeight)) {
 +			if (!appData.chatOnly) {
 +				fprintf(stderr,"Rect too large: %dx%d at (%d, %d) encoding=%d\n",
-+				rect.r.w, rect.r.h, rect.r.x, rect.r.y, rect.encoding);
++				rect.r.w, rect.r.h, rect.r.x, rect.r.y, (int) rect.encoding);
 +				return False;
 +			}
 +		}
 +
 +		if (rect.r.h * rect.r.w == 0) {
 +			fprintf(stderr,"*** Warning *** Zero size rect: %dx%d+%d+%d  encoding=%d\n",
-+			    rect.r.w, rect.r.h, rect.r.x, rect.r.y, rect.encoding);
++			    rect.r.w, rect.r.h, rect.r.x, rect.r.y, (int) rect.encoding);
 +			if (0) continue;
 +		}
 +
@@ -14133,7 +14354,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		fprintf(stderr,"Unknown rect encoding %d\n", (int)rect.encoding);
 +		return False;
 +		}
-+
+ 
+-      /* Now we may discard "soft cursor locks". */
+-      SoftCursorUnlockScreen();
+-    }
 +		/* Now we may discard "soft cursor locks". */
 +		if (db) fprintf(stderr, "FBU-SUL1  %.6f\n", dnow());
 +
@@ -14184,7 +14408,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  #ifdef MITSHM
      /* if using shared memory PutImage, make sure that the X server has
-@@ -1224,59 +3262,168 @@
+@@ -1224,59 +3308,168 @@
         mainly to avoid copyrect using invalid screen contents - not sure
         if we'd need it otherwise. */
  
@@ -14218,12 +14442,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
    {
 -    Window toplevelWin;
 +	Window toplevelWin;
-+
+ 
+-    XBell(dpy, 0);
 +	if (appData.useBell) {
 +		XBell(dpy, 0);
 +	}
- 
--    XBell(dpy, 0);
++
 +	if (appData.raiseOnBeep) {
 +		toplevelWin = XtWindow(toplevel);
 +		XMapRaised(dpy, toplevelWin);
@@ -14377,7 +14601,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			appData.fileActive = False;
 +			SendFramebufferUpdateRequest(0, 0, 1, 1, False);
 +		} else {
-+//fprintf(stderr, "CFX: A\n");
++/*fprintf(stderr, "CFX: A\n"); */
 +			CheckFileXfer();
 +		}
 +	}
@@ -14386,7 +14610,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -1296,26 +3443,93 @@
+@@ -1296,26 +3489,93 @@
  #define CONCAT2(a,b) a##b
  #define CONCAT2E(a,b) CONCAT2(a,b)
  
@@ -14420,7 +14644,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  #include "corre.c"
  #include "hextile.c"
  #include "zlib.c"
-+//
++
 +#ifdef TURBOVNC
 +#undef FillRectangle
 +#define FillRectangle turbovnc_FillRectangle
@@ -14429,7 +14653,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +#else
  #include "tight.c"
 +#endif
-+//
++
 +#include "zrle.c"
  #undef BPP
 +
@@ -14438,7 +14662,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  #include "corre.c"
  #include "hextile.c"
  #include "zlib.c"
-+//
++
 +#ifdef TURBOVNC
 +#undef FillRectangle
 +#define FillRectangle turbovnc_FillRectangle
@@ -14447,7 +14671,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +#else
  #include "tight.c"
 +#endif
-+//
++
 +#include "zrle.c"
 +#define REALBPP 15
 +#include "zrle.c"
@@ -14458,7 +14682,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  #include "corre.c"
  #include "hextile.c"
  #include "zlib.c"
-+//
++
 +#ifdef TURBOVNC
 +#undef FillRectangle
 +#define FillRectangle turbovnc_FillRectangle
@@ -14467,7 +14691,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +#else
  #include "tight.c"
 +#endif
-+//
++
 +#include "zrle.c"
 +#define REALBPP 24
 +#include "zrle.c"
@@ -14480,7 +14704,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  #undef BPP
  
  /*
-@@ -1325,23 +3539,27 @@
+@@ -1325,23 +3585,27 @@
  static void
  ReadConnFailedReason(void)
  {
@@ -14502,7 +14726,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		reasonLen = Swap32IfLE(reasonLen);
 +		if ((reason = malloc(reasonLen)) != NULL &&
 +		    ReadFromRFBServer(reason, reasonLen)) {
-+			int len = reasonLen < sizeof(msgbuf) - 10 ? (int) reasonLen : sizeof(msgbuf) - 10;
++			int len = (int) reasonLen < sizeof(msgbuf) - 10 ? (int) reasonLen : sizeof(msgbuf) - 10;
 +			sprintf(msgbuf,"VNC connection failed: %.*s\n", len, reason);
 +			wmsg(msgbuf, 1);
 +			free(reason);
@@ -14522,7 +14746,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  /*
-@@ -1358,9 +3576,9 @@
+@@ -1358,9 +3622,9 @@
  	    "  %s significant bit in each byte is leftmost on the screen.\n",
  	    (format->bigEndian ? "Most" : "Least"));
    } else {
@@ -14534,7 +14758,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  	      (format->bigEndian ? "Most" : "Least"));
      }
      if (format->trueColour) {
-@@ -1462,4 +3680,3 @@
+@@ -1462,4 +3726,3 @@
  
    cinfo->src = &jpegSrcManager;
  }
@@ -14607,7 +14831,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rre.c vnc_unixsrc/vncviewer/r
 +#undef FillRectangle
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncviewer/selection.c
 --- vnc_unixsrc.orig/vncviewer/selection.c	2004-03-03 04:11:52.000000000 -0500
-+++ vnc_unixsrc/vncviewer/selection.c	2009-11-24 13:34:03.000000000 -0500
++++ vnc_unixsrc/vncviewer/selection.c	2010-02-25 23:28:48.000000000 -0500
 @@ -43,13 +43,16 @@
  				unsigned long* length, int* format);
  static void LoseSelection(Widget w, Atom *selection);
@@ -14664,7 +14888,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
  }
  
  
-@@ -93,13 +102,15 @@
+@@ -93,13 +102,16 @@
  				Atom* selection, Atom* type, XtPointer value,
  				unsigned long* length, int* format)
  {
@@ -14684,10 +14908,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
 +	if (value) {
 +		XtFree(value);
 +	}
++	if (w || clientData || selection || type || value || length || format) {}
  }
  
  
-@@ -121,26 +132,29 @@
+@@ -121,26 +133,30 @@
  void
  SelectionToVNC(Widget w, XEvent *event, String *params, Cardinal *num_params)
  {
@@ -14733,10 +14958,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
 +	} else {
 +		XtGetSelectionValue(w, sendsel, XInternAtom(dpy, "TIMESTAMP", False), GetSelectionTimeCallback, NULL, TimeFromEvent(event));
 +	}
++	if (w || event || params || num_params) {}
  }
  
  
-@@ -158,10 +172,12 @@
+@@ -158,10 +174,13 @@
    int len = *length;
    char *str = (char *)value;
  
@@ -14750,10 +14976,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
 +	} else if (!getenv("VNCVIEWER_NO_CUTBUFFER")) {
 +		SendCutBuffer();
 +	}
++	if (w || clientData || selection || type || value || length || format) {}
  }
  
  
-@@ -180,26 +196,23 @@
+@@ -180,26 +199,24 @@
  			 Atom* type, XtPointer value, unsigned long* length,
  			 int* format)
  {
@@ -14793,10 +15020,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
 +	if (value) {
 +		XtFree(value);
 +	}
++	if (w || clientData || selection || type || value || length || format) {}
  }
  
  
-@@ -209,16 +222,17 @@
+@@ -209,16 +226,17 @@
   */
  
  static void
@@ -14822,7 +15050,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
  }
  
  
-@@ -230,10 +244,11 @@
+@@ -230,10 +248,12 @@
  static void
  CutBufferChange(Widget w, XtPointer ptr, XEvent *ev, Boolean *cont)
  {
@@ -14834,10 +15062,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
  
 -  cutBufferTime = ev->xproperty.time;
 +	cutBufferTime = ev->xproperty.time;
++	if (w || ptr || cont) {}
  }
  
  
-@@ -249,36 +264,68 @@
+@@ -249,36 +269,69 @@
  void
  SelectionFromVNC(Widget w, XEvent *event, String *params, Cardinal *num_params)
  {
@@ -14933,10 +15162,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
 +		ClipboardSelectionOwner = True;
 +		if (dbg_sel) fprintf(stderr, "Own CLIPBOARD\n");
 +	}
++	if (w || event || params || num_params) {}
  }
  
  
-@@ -293,37 +340,36 @@
+@@ -293,37 +346,36 @@
  		 XtPointer* value, unsigned long* length, int* format)
  {
  
@@ -15002,7 +15232,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
  }
  
  
-@@ -332,7 +378,12 @@
+@@ -332,7 +384,13 @@
   */
  
  static void
@@ -15017,11 +15247,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/selection.c vnc_unixsrc/vncvi
 +		if (dbg_sel) fprintf(stderr, "lost CLIPBOARD\n");
 +  		ClipboardSelectionOwner = False;
 +	}
++	if (w) {}
  }
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/shm.c vnc_unixsrc/vncviewer/shm.c
 --- vnc_unixsrc.orig/vncviewer/shm.c	2000-06-11 08:00:53.000000000 -0400
-+++ vnc_unixsrc/vncviewer/shm.c	2009-11-28 02:25:03.000000000 -0500
-@@ -30,71 +30,108 @@
++++ vnc_unixsrc/vncviewer/shm.c	2010-02-25 23:40:58.000000000 -0500
+@@ -30,71 +30,113 @@
  static Bool caughtShmError = False;
  static Bool needShmCleanup = False;
  
@@ -15036,6 +15267,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/shm.c vnc_unixsrc/vncviewer/s
 -  }
 +static int ShmCreationXErrorHandler(Display *dpy, XErrorEvent *error) {
 +	caughtShmError = True;
++	if (dpy || error) {}
 +	return 0;
  }
  
@@ -15149,7 +15381,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/shm.c vnc_unixsrc/vncviewer/s
 +
 +	if (shminfo.shmid == -1) {
 +		XDestroyImage(image);
-+		//fprintf(stderr, "CreateShmImage: destroyed 'image' (1)\n");
++		if (0) fprintf(stderr, "CreateShmImage: destroyed 'image' (1)\n");
 +		return NULL;
 +	}
 +
@@ -15157,7 +15389,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/shm.c vnc_unixsrc/vncviewer/s
 +
 +	if (shminfo.shmaddr == (char *)-1) {
 +		XDestroyImage(image);
-+		//fprintf(stderr, "CreateShmImage: destroyed 'image' (2)\n");
++#if 0
++		fprintf(stderr, "CreateShmImage: destroyed 'image' (2)\n");
++#endif
 +		shmctl(shminfo.shmid, IPC_RMID, 0);
 +		return NULL;
 +	}
@@ -15171,7 +15405,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/shm.c vnc_unixsrc/vncviewer/s
 +
 +	if (caughtShmError) {
 +		XDestroyImage(image);
-+		//fprintf(stderr, "CreateShmImage: destroyed 'image' (3)\n");
++#if 0
++		fprintf(stderr, "CreateShmImage: destroyed 'image' (3)\n");
++#endif
 +		shmdt(shminfo.shmaddr);
 +		shmctl(shminfo.shmid, IPC_RMID, 0);
 +		return NULL;
@@ -15203,8 +15439,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/smake vnc_unixsrc/vncviewer/s
 +fi
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncviewer/sockets.c
 --- vnc_unixsrc.orig/vncviewer/sockets.c	2001-01-14 22:54:18.000000000 -0500
-+++ vnc_unixsrc/vncviewer/sockets.c	2009-11-27 13:55:46.000000000 -0500
-@@ -27,11 +27,17 @@
++++ vnc_unixsrc/vncviewer/sockets.c	2010-02-25 23:38:35.000000000 -0500
+@@ -22,17 +22,25 @@
+  */
+ 
+ #include <unistd.h>
++#include <time.h>
+ #include <sys/socket.h>
+ #include <errno.h>
  #include <netinet/in.h>
  #include <netinet/tcp.h>
  #include <arpa/inet.h>
@@ -15220,9 +15462,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +#endif
 +
  void PrintInHex(char *buf, int len);
++extern void printChat(char *, Bool);
  
  Bool errorMessageOnReadFailure = True;
-@@ -56,31 +62,376 @@
+ 
+@@ -56,31 +64,396 @@
   */
  
  static Bool rfbsockReady = False;
@@ -15238,11 +15482,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 -  rfbsockReady = True;
 -  XtRemoveInput(*id);
 +	rfbsockReady = True;
-+//	XtRemoveInput(*id);
++#if 0
++	XtRemoveInput(*id);
++#endif
 +	XtRemoveInput(rfbsockId);
 +	if (do_xfrsockId) {
 +		XtRemoveInput(xfrsockId);
 +	}
++	if (clientData || fd || id) {}
  }
  
  static void
@@ -15260,6 +15507,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +	if (do_rfbsockId) {
 +		XtRemoveInput(rfbsockId);
 +	}
++	if (clientData || fd || id) {}
 +}
 +
 +
@@ -15310,7 +15558,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +		filexfer_listen = -1;
 +		return;
 +	}
-+//fprintf(stderr, "In  CheckFileXfer\n");
++if (0) fprintf(stderr, "In  CheckFileXfer\n");
 +
 +	if (filexfer_listen >=0) {
 +		n = filexfer_listen;
@@ -15348,6 +15596,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +				unsigned char hdr[12];
 +				unsigned int len;
 +				if (db) fprintf(stderr, "try read filexfer...\n");
++				if (hdr || len || i) {}
 +#if 1
 +				rn = read(n, fxfer, 1*8192);
 +if (db) {
@@ -15367,7 +15616,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +					close(n);
 +					filexfer_sock = -1;
 +					last_filexfer = time(NULL);
-+					//fprintf(stderr, "last_filexfer-2a: %d\n", last_filexfer);
++#if 0
++					fprintf(stderr, "last_filexfer-2a: %d\n", last_filexfer);
++#endif
 +					appData.fileActive = False;
 +					SendFramebufferUpdateRequest(0, 0, 1, 1, False);
 +					return;
@@ -15376,7 +15627,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +					if (db) fprintf(stderr, "\n");
 +					bytes += rn;
 +					last_filexfer = time(NULL);
-+					//fprintf(stderr, "last_filexfer-2b: %d\n", last_filexfer);
++#if 0
++					fprintf(stderr, "last_filexfer-2b: %d\n", last_filexfer);
++#endif
 +
 +					if (0) {
 +						/* WE TRY TO FIX THIS IN THE JAVA NOW */
@@ -15395,7 +15648,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +					igot = 1;
 +				}
 +#else
-+				// not working, not always 7 msg type.	
++				/* not working, not always 7 msg type.	*/
 +				rn = read(n, hdr, 12);
 +				if (db) fprintf(stderr, "filexfer read %d.\n", rn);
 +				if (rn == 0) {
@@ -15440,8 +15693,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +				if (ok) {
 +					grace++;
 +					bytes0 = bytes;
-+					//fprintf(stderr, "grace: %d\n", grace);
-+					// forgot that this is about...
++#if 0
++					fprintf(stderr, "grace: %d\n", grace);
++					/* forgot that this is about... */
++#endif
 +					usleep(10 * 1000);
 +					continue;
 +				}
@@ -15451,9 +15706,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +	}
 +	if (igot) {
 +		last_filexfer = time(NULL);
-+		//fprintf(stderr, "last_filexfer-2c: %d\n", last_filexfer);
++#if 0
++		fprintf(stderr, "last_filexfer-2c: %d\n", last_filexfer);
++#endif
 +	}
-+//fprintf(stderr, "Out CheckFileXfer\n");
++#if 0
++fprintf(stderr, "Out CheckFileXfer\n");
++#endif
 +	return;
 +}
 +
@@ -15492,7 +15751,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +	if (buf[0] != '\0') {
 +		SendTextChat(buf);
 +	}
-+	if (igot >= 0) printChat("Send: ");
++	if (igot >= 0) printChat("Send: ", False);
 +}
 +
 +static time_t time_mark;
@@ -15503,7 +15762,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +
 +void ProcessXtEvents()
 +{
-+	int y, db = 0;
++	int db = 0;
 +	static int dyn = -1;
 +	static int chat_was_active = 0;
 +	int check_chat = 0;
@@ -15523,7 +15782,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +		}
 +	}
 +
-+	//if (0) fprintf(stderr, "ProcessXtEvents: %d  %.4f\n", skip_XtUpdateAll, dnow() - start_time);
++#if 0
++	if (0) fprintf(stderr, "ProcessXtEvents: %d  %.4f\n", skip_XtUpdateAll, dnow() - start_time);
++#endif
 +
 +	if (skip_XtUpdateAll) {
 +		return;
@@ -15536,7 +15797,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +		static double last_check = 0.0;
 +		double now = dnow();
 +		if (now > last_check + 0.75) {
-+			//fprintf(stderr, "cwa\n");
 +			check_chat = 1;
 +			last_check = now;
 +		}
@@ -15599,28 +15859,36 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  Bool
  ReadFromRFBServer(char *out, unsigned int n)
  {
-+//	double start = dnow(), dn = n;
++#if 0
++	double start = dnow(), dn = n;
++#endif
    if (n <= buffered) {
      memcpy(out, bufoutptr, n);
      bufoutptr += n;
      buffered -= n;
-+//fprintf(stderr, "R0: %06d\n", (int) dn);
++#if 0
++fprintf(stderr, "R0: %06d\n", (int) dn);
++#endif
      return True;
    }
  
-@@ -119,6 +470,7 @@
+@@ -119,6 +492,9 @@
      memcpy(out, bufoutptr, n);
      bufoutptr += n;
      buffered -= n;
-+//fprintf(stderr, "R1: %06d %06d %10.2f KB/sec\n", (int) dn, buffered+n, 1e-3 * (buffered+n)/(dnow() - start));
++#if 0
++fprintf(stderr, "R1: %06d %06d %10.2f KB/sec\n", (int) dn, buffered+n, 1e-3 * (buffered+n)/(dnow() - start));
++#endif
      return True;
  
    } else {
-@@ -146,11 +498,14 @@
+@@ -146,11 +522,16 @@
        n -= i;
      }
  
-+//fprintf(stderr, "R2: %06d %06d %10.2f KB/sec\n", (int) dn, (int) dn, 1e-3 * (dn)/(dnow() - start));
++#if 0
++fprintf(stderr, "R2: %06d %06d %10.2f KB/sec\n", (int) dn, (int) dn, 1e-3 * (dn)/(dnow() - start));
++#endif
      return True;
    }
  }
@@ -15631,7 +15899,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  /*
   * Write an exact number of bytes, and don't return until you've sent them.
   */
-@@ -158,37 +513,81 @@
+@@ -158,37 +539,81 @@
  Bool
  WriteExact(int sock, char *buf, int n)
  {
@@ -15742,7 +16010,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  }
  
  
-@@ -203,6 +602,8 @@
+@@ -203,6 +628,8 @@
    struct sockaddr_in addr;
    int one = 1;
  
@@ -15751,7 +16019,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = host;
-@@ -232,7 +633,22 @@
+@@ -232,7 +659,22 @@
    return sock;
  }
  
@@ -15774,7 +16042,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  
  /*
   * FindFreeTcpPort tries to find unused TCP port in the range
-@@ -245,6 +661,8 @@
+@@ -245,6 +687,8 @@
    int sock, port;
    struct sockaddr_in addr;
  
@@ -15783,7 +16051,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = INADDR_ANY;
  
-@@ -272,6 +690,8 @@
+@@ -272,6 +716,8 @@
   * ListenAtTcpPort starts listening at the given TCP port.
   */
  
@@ -15792,7 +16060,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  int
  ListenAtTcpPort(int port)
  {
-@@ -279,10 +699,16 @@
+@@ -279,10 +725,16 @@
    struct sockaddr_in addr;
    int one = 1;
  
@@ -15809,7 +16077,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0) {
      fprintf(stderr,programName);
-@@ -305,7 +731,7 @@
+@@ -305,7 +757,7 @@
      return -1;
    }
  
@@ -15818,7 +16086,16 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
      fprintf(stderr,programName);
      perror(": ListenAtTcpPort: listen");
      close(sock);
-@@ -392,6 +818,42 @@
+@@ -379,7 +831,7 @@
+ 
+   *addr = inet_addr(str);
+ 
+-  if (*addr != -1)
++  if (*addr != (unsigned int) -1)
+     return True;
+ 
+   hp = gethostbyname(str);
+@@ -392,6 +844,42 @@
    return False;
  }
  
@@ -15913,8 +16190,16 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/tmake vnc_unixsrc/vncviewer/t
 +ldd   vncviewer
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/tunnel.c vnc_unixsrc/vncviewer/tunnel.c
 --- vnc_unixsrc.orig/vncviewer/tunnel.c	2003-07-31 04:03:49.000000000 -0400
-+++ vnc_unixsrc/vncviewer/tunnel.c	2007-05-08 21:28:01.000000000 -0400
-@@ -132,6 +132,7 @@
++++ vnc_unixsrc/vncviewer/tunnel.c	2010-02-25 23:39:24.000000000 -0500
+@@ -100,7 +100,6 @@
+ 		  int *pargc, char **argv, int tunnelArgIndex)
+ {
+   char *pdisplay;
+-  int port;
+ 
+   if (tunnelArgIndex >= *pargc - 1)
+     usage();
+@@ -132,6 +131,7 @@
  {
    char *colonPos;
    int len, portOffset;
@@ -15922,8 +16207,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/tunnel.c vnc_unixsrc/vncviewe
  
    if (tunnelArgIndex >= *pargc - 2)
      usage();
-@@ -153,7 +154,14 @@
-     if (!len || strspn(colonPos, "-0123456789") != len) {
+@@ -150,10 +150,17 @@
+       len--;
+       portOffset = 0;
+     }
+-    if (!len || strspn(colonPos, "-0123456789") != len) {
++    if (!len || (int) strspn(colonPos, "-0123456789") != len) {
        usage();
      }
 +#if 0
@@ -17616,20 +17905,22 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer._man vnc_unixsrc/vn
 +Karl J. Runge <runge@karlrunge.com>
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncviewer/vncviewer.c
 --- vnc_unixsrc.orig/vncviewer/vncviewer.c	2004-01-13 09:22:05.000000000 -0500
-+++ vnc_unixsrc/vncviewer/vncviewer.c	2009-11-24 19:41:33.000000000 -0500
-@@ -22,6 +22,7 @@
++++ vnc_unixsrc/vncviewer/vncviewer.c	2010-03-06 14:43:29.000000000 -0500
+@@ -22,6 +22,8 @@
   */
  
  #include "vncviewer.h"
++#include <ctype.h>
 +#include <X11/Xaw/Toggle.h>
  
  char *programName;
  XtAppContext appContext;
-@@ -29,11 +30,258 @@
+@@ -29,11 +31,258 @@
  
  Widget toplevel;
  
 +extern void raiseme(int force);
++extern void CreateChat(void);
 +
 +void set_sbwidth(int sbw) {
 +	char *q, *p, t[5];
@@ -17668,9 +17959,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +}
 +
 +void min_title(void) {
-+	char *q, *p;
-+	int i, k, N = 4;
-+	int db = 0;
++	char *q;
++	int k;
 +
 +	k = 0;
 +	while (fallback_resources[k] != NULL) {
@@ -17886,7 +18176,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
  
    /* The -listen option is used to make us a daemon process which listens for
       incoming connections from servers, rather than actively connecting to a
-@@ -45,89 +293,1667 @@
+@@ -45,89 +294,1744 @@
       listenForIncomingConnections() returns, setting the listenSpecified
       flag. */
  
@@ -18073,7 +18363,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +						tmp[i] = '\0';
 +					}
 +					for (i=0; i<250; i++) {
-+						if (i >= strlen(appData.repeaterUltra)) {
++						if (i >= (int) strlen(appData.repeaterUltra)) {
 +							break;
 +						}
 +						tmp[i] = appData.repeaterUltra[i];
@@ -18187,7 +18477,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +
 +int do_format_change = 0;
 +int do_cursor_change = 0;
-+int do_fb_update = 0.0;
++double do_fb_update = 0.0;
 +static void schedule_format_change(void) {
 +	do_format_change = 1;
 +	do_cursor_change = 0;
@@ -18240,6 +18530,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "8bpp: on (%d colors)\n", appDataNew.useBGR233);
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +
@@ -18260,6 +18551,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "16bpp: on\n");
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18287,6 +18579,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		}
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18300,6 +18593,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	fprintf(stderr, "ToggleXGrab, current=%d\n", appData.grabAll);
 +	/* always ungrab to be sure, fullscreen will handle the rest */
 +	XUngrabServer(dpy);
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18310,6 +18604,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		appData.escapeActive = True;
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +/*
@@ -18332,6 +18627,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appDataNew.useBGR565 = False;
 +		schedule_format_change();
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18346,6 +18642,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appDataNew.useBGR565 = False;
 +		schedule_format_change();
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18360,6 +18657,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appDataNew.useBGR565 = False;
 +		schedule_format_change();
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18375,6 +18673,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "greyscale: on\n");
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +/*
@@ -18393,6 +18692,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "JPEG: on\n");
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +/*
@@ -18450,6 +18750,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		first = 0;
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18480,6 +18781,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		}
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18526,6 +18828,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		first = 0;
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +void scale_check_zrle(void) {
@@ -18538,7 +18841,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		return;
 +	}
 +	if (!usingZRLE && !usingHextile) {
-+		Widget w;
++		Widget w = 0;
 +		fprintf(stderr, "\nSwitching to faster ZRLE encoding in client-side scaling mode.\n");
 +		fprintf(stderr, "Switch back to Tight via the Popup menu if you prefer it.\n\n");
 +		ToggleTightZRLE(w, NULL, NULL, NULL);
@@ -18560,6 +18863,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "viewonly: on\n");
 +	}
 +	Xcursors(1);
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18579,6 +18883,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		do_cursor_change = -1;
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18591,6 +18896,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appData.useCursorAlpha = True;
 +		fprintf(stderr, "useCursorAlpha: on\n");
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18606,6 +18912,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	}
 +	schedule_format_change();
 +	do_cursor_change = 1;
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18618,6 +18925,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appData.useBell = True;
 +		fprintf(stderr, "useBell: on\n");
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18632,6 +18940,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "useRawLocal: on\n");
 +	}
 +	schedule_format_change();
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18646,6 +18955,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "serverInput: on\n");
 +		SendServerInput(False);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18659,6 +18969,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, "pipeline-update: on\n");
 +	}
 +	/* XXX request one to be sure? */
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18671,6 +18982,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appData.sendClipboard = True;
 +		fprintf(stderr, "Send CLIPBOARD Selection: on (do not send PRIMARY)\n");
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18683,6 +18995,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appData.sendAlways = True;
 +		fprintf(stderr, "Send Selection Always: on\n");
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +
@@ -18708,11 +19021,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +			XDefineCursor(dpy, desktopWin, bogoCursor);
 +		}
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void raiseme(int force);
 +void AppendChatInput(char *);
 +
++extern void ShowChat(Widget w, XEvent *event, String *params, Cardinal *num_params);
++extern void ShowFile(Widget w, XEvent *event, String *params, Cardinal *num_params);
++extern Bool SendTextChatFinished(void);
++
++
 +void printChat(char *str, Bool raise) {
 +	if (appData.termChat) {
 +		if (raise) {
@@ -18721,7 +19040,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		fprintf(stderr, str);
 +	} else {
 +		if (raise) {
-+			ShowChat();
++			ShowChat(0, 0, 0, 0);
 +		}
 +		AppendChatInput(str);
 +	}
@@ -18737,7 +19056,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		HideChat(0, NULL, NULL, NULL);
 +		appData.chatActive= False;
 +	} else {
-+		ShowChat();
++		ShowChat(0, 0, 0, 0);
 +		SendTextChatOpen();
 +		if (appData.termChat) {
 +			printChat("\n*SentOpen*\n\nSend: ", True);
@@ -18746,6 +19065,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		}
 +		appData.chatActive = True;
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +extern int filexfer_sock;
@@ -18760,8 +19080,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +{
 +	static double last_start = 0.0;
 +	if (appData.fileActive) {
-+		//HideFile(w, ev, params, num_params);
-+		//appData.fileActive = False;
++#if 0
++		HideFile(w, ev, params, num_params);
++		appData.fileActive = False;
++#endif
 +#ifndef KILLJAVA
 +		if (filexfer_sock >= 0) {
 +			close(filexfer_sock);
@@ -18788,9 +19110,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		appData.fileActive = True;
 +		last_start = dnow();
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +static int fooHandler(Display *dpy, XErrorEvent *error) {
++	if (dpy || error) {}
 +	return 0;
 +}
 +
@@ -18844,6 +19168,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		n = atoi(s);
 +		set_server_scale(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void set_server_quality(int n) {
@@ -18878,6 +19203,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		n = atoi(s);
 +		set_server_quality(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void set_server_compress(int n) {
@@ -18912,9 +19238,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		n = atoi(s);
 +		set_server_compress(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +extern void rescale_image(void);
++extern void get_scale_values(double *fx, double *fy);
 +
 +void
 +SetScale(Widget w, XEvent *ev, String *params, Cardinal *num_params)
@@ -18922,8 +19250,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	char *s;
 +	s = DoScaleDialog();
 +	if (s[0] != '\0') {
++#if 0
 +		int w = si.framebufferWidth;
 +		int h = si.framebufferHeight;
++#endif
 +		double fx, fy;
 +		int fs = 0;
 +		if (appData.scale != NULL && !strcmp(s, appData.scale)) {
@@ -18956,6 +19286,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +			FullScreenOn();
 +		}
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -18967,6 +19298,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	if (s[0] != '\0') {
 +		appData.escapeKeys = strdup(s);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void set_ycrop(int n) {
@@ -19001,6 +19333,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		n = atoi(s);
 +		set_ycrop(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void set_scbar(int n) {
@@ -19035,6 +19368,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		n = atoi(s);
 +		set_scbar(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19044,6 +19378,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		int n = atoi(params[0]);
 +		set_server_scale(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void UpdateQual(void) {
@@ -19158,6 +19493,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +			LosslessRefresh();
 +		}
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19167,6 +19503,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		int n = atoi(params[0]);
 +		set_server_quality(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19176,6 +19513,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		int n = atoi(params[0]);
 +		set_server_compress(n);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19225,6 +19563,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19235,6 +19574,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, True, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19248,6 +19588,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +			XtVaSetValues(w, XtNstate, False, NULL);
 +		}
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19261,6 +19602,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +			XtVaSetValues(w, XtNstate, False, NULL);
 +		}
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19274,6 +19616,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +			XtVaSetValues(w, XtNstate, False, NULL);
 +		}
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19290,6 +19633,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19306,6 +19650,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19322,6 +19667,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +			XtVaSetValues(b16, XtNstate, False, NULL);
 +		}
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19332,6 +19678,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19342,6 +19689,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19358,6 +19706,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19374,6 +19723,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19390,6 +19740,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19400,9 +19751,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
-+static init_state(void) {
++static void init_state(void) {
 +	static int first = 1;
 +	if (first && appData.encodingsString) {
 +		char *t, *z, *y, *h;
@@ -19447,6 +19799,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19458,6 +19811,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19469,6 +19823,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19479,6 +19834,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19489,6 +19845,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19499,6 +19856,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19509,6 +19867,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, True, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19519,6 +19878,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19529,6 +19889,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19539,6 +19900,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, True, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19549,6 +19911,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, True, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19559,6 +19922,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, True, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19569,6 +19933,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19579,6 +19944,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
 +}
 +
 +void
@@ -19589,10 +19955,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	} else {
 +		XtVaSetValues(w, XtNstate, False, NULL);
 +	}
++	if (w || ev || params || num_params) {}
  }
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncviewer/vncviewer.h
 --- vnc_unixsrc.orig/vncviewer/vncviewer.h	2004-03-11 13:14:40.000000000 -0500
-+++ vnc_unixsrc/vncviewer/vncviewer.h	2009-11-28 00:45:15.000000000 -0500
++++ vnc_unixsrc/vncviewer/vncviewer.h	2010-02-25 21:53:14.000000000 -0500
 @@ -28,6 +28,7 @@
  #include <string.h>
  #include <sys/time.h>
@@ -19616,7 +19983,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  #define FLASH_PORT_OFFSET 5400
  #define LISTEN_PORT_OFFSET 5500
-@@ -64,60 +71,126 @@
+@@ -64,60 +71,130 @@
  #define DEFAULT_VIA_CMD     \
    (DEFAULT_SSH_CMD " -f -L %L:%H:%R %G sleep 20")
  
@@ -19653,9 +20020,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
 -
 -  int rawDelay;
 -  int copyRectDelay;
++#if 0
 +static const char *subsampLevel2str[TVNC_SAMPOPT] = {
 +  "1X", "4X", "2X", "Gray"
 +};
++#endif
 +#ifdef TURBOVNC
 +#define rfbTightNoZlib 0x0A
 +#define rfbTurboVncVendor "TRBO"
@@ -19666,13 +20035,16 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
 +#define rfbJpegSubsamp2X           0xFFFFFD02
 +#define rfbJpegSubsampGray         0xFFFFFD03
 +#endif
++
++/* for debugging width, height, etc */
++#if 0
++#define XtVaSetValues printf("%s:%d\n", __FILE__, __LINE__); XtVaSetValues
++#endif
  
 -  Bool debug;
-+/* for debugging width, height, etc */
-+//#define XtVaSetValues printf("%s:%d\n", __FILE__, __LINE__); XtVaSetValues
  
 -  int popupButtonCount;
- 
+-
 -  int bumpScrollTime;
 -  int bumpScrollPixels;
 +/* argsresources.c */
@@ -19783,7 +20155,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  extern int listenPort, flashPort;
  
  extern XrmOptionDescRec cmdLineOptions[];
-@@ -130,10 +203,11 @@
+@@ -130,10 +207,11 @@
  /* colour.c */
  
  extern unsigned long BGR233ToPixel[];
@@ -19796,7 +20168,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  extern void SetVisualAndCmap();
  
-@@ -155,15 +229,60 @@
+@@ -155,15 +233,60 @@
  extern GC srcGC, dstGC;
  extern Dimension dpyWidth, dpyHeight;
  
@@ -19857,7 +20229,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  extern void ServerDialogDone(Widget w, XEvent *event, String *params,
  			     Cardinal *num_params);
  extern char *DoServerDialog();
-@@ -171,6 +290,10 @@
+@@ -171,6 +294,10 @@
  			     Cardinal *num_params);
  extern char *DoPasswordDialog();
  
@@ -19868,7 +20240,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  /* fullscreen.c */
  
  extern void ToggleFullScreen(Widget w, XEvent *event, String *params,
-@@ -181,6 +304,13 @@
+@@ -181,6 +308,13 @@
  extern void FullScreenOn();
  extern void FullScreenOff();
  
@@ -19882,7 +20254,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  /* listen.c */
  
  extern void listenForIncomingConnections();
-@@ -196,6 +326,8 @@
+@@ -196,6 +330,8 @@
  		       Cardinal *num_params);
  extern void Quit(Widget w, XEvent *event, String *params,
  		 Cardinal *num_params);
@@ -19891,7 +20263,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  extern void Cleanup();
  
  /* popup.c */
-@@ -207,6 +339,29 @@
+@@ -207,6 +343,29 @@
  		      Cardinal *num_params);
  extern void CreatePopup();
  
@@ -19921,7 +20293,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  /* rfbproto.c */
  
  extern int rfbsock;
-@@ -229,8 +384,19 @@
+@@ -229,8 +388,19 @@
  extern Bool SendClientCutText(char *str, int len);
  extern Bool HandleRFBServerMessage();
  
@@ -19941,7 +20313,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  /* selection.c */
  
  extern void InitialiseSelection();
-@@ -241,8 +407,10 @@
+@@ -241,8 +411,10 @@
  
  /* shm.c */
  
@@ -19953,7 +20325,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  /* sockets.c */
  
-@@ -253,10 +421,15 @@
+@@ -253,10 +425,15 @@
  extern int FindFreeTcpPort(void);
  extern int ListenAtTcpPort(int port);
  extern int ConnectToTcpAddr(unsigned int host, int port);
@@ -19969,7 +20341,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  extern Bool SameMachine(int sock);
  
  /* tunnel.c */
-@@ -271,3 +444,82 @@
+@@ -271,3 +448,82 @@
  extern XtAppContext appContext;
  extern Display* dpy;
  extern Widget toplevel;
@@ -20600,7 +20972,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
 +Karl J. Runge <runge@karlrunge.com>
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/zrle.c vnc_unixsrc/vncviewer/zrle.c
 --- vnc_unixsrc.orig/vncviewer/zrle.c	2007-02-04 18:59:50.000000000 -0500
-+++ vnc_unixsrc/vncviewer/zrle.c	2009-11-19 23:34:28.000000000 -0500
++++ vnc_unixsrc/vncviewer/zrle.c	2010-02-25 23:24:28.000000000 -0500
 @@ -0,0 +1,620 @@
 +/*
 + *  Copyright (C) 2005 Johannes E. Schindelin.  All Rights Reserved.
@@ -21129,8 +21501,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/zrle.c vnc_unixsrc/vncviewer/
 +		}
 +
 +		zywrle_level &= 0x7F;
-+		// Reverse copy: screen to buf/ptmp:
-+		// make this CopyDataFromScreen() or something.
++		/* Reverse copy: screen to buf/ptmp: */
++		/* make this CopyDataFromScreen() or something. */
 +		if (!appData.useBGR565) {
 +			scrWidthInBytes = si.framebufferWidth * myFormat.bitsPerPixel / 8;
 +			if (scrWidthInBytes != im->bytes_per_line) scrWidthInBytes = im->bytes_per_line;
@@ -22868,7 +23240,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/zywrletemplate.c vnc_unixsrc/
 +#undef ZYWRLE_SAVE_PIXEL
 diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/rfbproto.h
 --- vnc_unixsrc.orig/include/rfbproto.h	2004-05-27 03:02:02.000000000 -0400
-+++ vnc_unixsrc/include/rfbproto.h	2008-12-07 09:35:32.000000000 -0500
++++ vnc_unixsrc/include/rfbproto.h	2010-02-25 21:54:58.000000000 -0500
 @@ -205,7 +205,22 @@
  #define rfbSecTypeInvalid 0
  #define rfbSecTypeNone 1
@@ -22896,7 +23268,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/
  #define rfbBell 2
  #define rfbServerCutText 3
  
-+#define rfbResizeFrameBuffer 4 // Modif sf@2002
++#define rfbResizeFrameBuffer 4 /* Modif sf@2002 */
 +
 +/* http://sourceforge.net/projects/vncsessmgr */
 +#define rfbRestartConnection 82
@@ -22923,19 +23295,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/
  #define rfbFileListRequest 130
  #define rfbFileDownloadRequest 131
  #define rfbFileUploadRequest 132
-@@ -435,6 +467,11 @@
+@@ -435,6 +467,13 @@
  #define rfbEncodingTight     7
  #define rfbEncodingZlibHex   8
  
 +#define rfbEncodingZRLE 16
-+// nyama/2006/08/02:new YUV-Wavlet lossy codec based on ZRLE (ZYWRLE)
++/*
++nyama/2006/08/02:new YUV-Wavlet lossy codec based on ZRLE (ZYWRLE)
++ */
 +#define rfbEncodingZYWRLE 17
 +
 +
  /* signatures for basic encoding types */
  #define sig_rfbEncodingRaw       "RAW_____"
  #define sig_rfbEncodingCopyRect  "COPYRECT"
-@@ -955,6 +992,51 @@
+@@ -955,6 +994,51 @@
  #define sz_rfbFileDownloadFailedMsg 4
  
  /*-----------------------------------------------------------------------------
@@ -22955,9 +23329,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/
 +
 +typedef struct _rfbTextChatMsg {
 +    CARD8 type;                 /* always rfbTextChat */
-+    CARD8 pad1;         // Could be used later as an additionnal param
-+    CARD16 pad2;                // Could be used later as text offset, for instance
-+    CARD32 length;      // Specific values for Open, close, finished (-1, -2, -3)
++    CARD8 pad1;         /* Could be used later as an additionnal param */
++    CARD16 pad2;                /* Could be used later as text offset, for instance */
++    CARD32 length;      /* Specific values for Open, close, finished (-1, -2, -3) */
 +    /* followed by char text[length] */
 +} rfbTextChatMsg;
 +
@@ -22976,8 +23350,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/
 +typedef struct _rfbResizeFrameBufferMsg {
 +    CARD8 type;                 /* always rfbResizeFrameBuffer */
 +        CARD8 pad1;
-+        CARD16 framebufferWidth;        // FrameBuffer width
-+        CARD16 framebufferHeight;       // FrameBuffer height
++        CARD16 framebufferWidth;        /* FrameBuffer width */
++        CARD16 framebufferHeight;       /* FrameBuffer height */
 +} rfbResizeFrameBufferMsg;
 +
 +#define sz_rfbResizeFrameBufferMsg 6
@@ -22987,7 +23361,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/
   * Union of all server->client messages.
   */
  
-@@ -968,6 +1050,8 @@
+@@ -968,6 +1052,8 @@
      rfbFileDownloadDataMsg fdd;
      rfbFileUploadCancelMsg fuc;
      rfbFileDownloadFailedMsg fdf;
@@ -22996,7 +23370,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/
  } rfbServerToClientMsg;
  
  
-@@ -1221,6 +1305,41 @@
+@@ -1221,6 +1307,41 @@
  
  #define sz_rfbFileCreateDirRequestMsg 4
  
@@ -23038,7 +23412,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/rfbproto.h vnc_unixsrc/include/
  /*-----------------------------------------------------------------------------
   * Union of all client->server messages.
   */
-@@ -1241,4 +1360,9 @@
+@@ -1241,4 +1362,9 @@
      rfbFileDownloadCancelMsg fdc;
      rfbFileUploadFailedMsg fuf;
      rfbFileCreateDirRequestMsg fcdr;
@@ -23063,10 +23437,33 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/include/vncauth.h vnc_unixsrc/include/v
  extern void vncEncryptBytes(unsigned char *bytes, char *passwd);
 +
 +extern void vncEncryptPasswd_MSLOGON(unsigned char *encryptedPasswd, char *passwd);
+diff -Naur -X ./exclude vnc_unixsrc.orig/libvncauth/d3des.c vnc_unixsrc/libvncauth/d3des.c
+--- vnc_unixsrc.orig/libvncauth/d3des.c	2000-06-11 08:00:53.000000000 -0400
++++ vnc_unixsrc/libvncauth/d3des.c	2010-02-25 21:49:02.000000000 -0500
+@@ -34,12 +34,15 @@
+ static void cookey(unsigned long *);
+ 
+ static unsigned long KnL[32] = { 0L };
++/* no londer used: */
++#if 0
+ static unsigned long KnR[32] = { 0L };
+ static unsigned long Kn3[32] = { 0L };
+ static unsigned char Df_Key[24] = {
+ 	0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+ 	0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+ 	0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 };
++#endif
+ 
+ static unsigned short bytebit[8]	= {
+ 	01, 02, 04, 010, 020, 040, 0100, 0200 };
 diff -Naur -X ./exclude vnc_unixsrc.orig/libvncauth/vncauth.c vnc_unixsrc/libvncauth/vncauth.c
 --- vnc_unixsrc.orig/libvncauth/vncauth.c	2003-03-01 11:48:06.000000000 -0500
-+++ vnc_unixsrc/libvncauth/vncauth.c	2009-04-12 22:28:08.000000000 -0400
-@@ -30,6 +30,7 @@
++++ vnc_unixsrc/libvncauth/vncauth.c	2010-02-25 21:47:25.000000000 -0500
+@@ -27,9 +27,11 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <time.h>
  #include <vncauth.h>
  #include <d3des.h>
  
@@ -23074,7 +23471,25 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/libvncauth/vncauth.c vnc_unixsrc/libvnc
  
  /*
   * Make sure we call srandom() only once.
-@@ -195,6 +196,44 @@
+@@ -45,6 +47,8 @@
+ 
+ static unsigned char s_fixedkey[8] = {23,82,107,6,35,78,88,7};
+ 
++int vncEncryptAndStorePasswd2(char *passwd, char *passwdViewOnly, char *fname);
++int vncDecryptPasswdFromFile2(char *fname, char *passwdFullControl, char *passwdViewOnly);
+ 
+ /*
+  * Encrypt a password and store it in a file.  Returns 0 if successful,
+@@ -73,7 +77,7 @@
+ vncEncryptAndStorePasswd2(char *passwd, char *passwdViewOnly, char *fname)
+ {
+     FILE *fp;
+-    int i, bytesToWrite, bytesWrote;
++    int bytesToWrite, bytesWrote;
+     unsigned char encryptedPasswd[16] = {
+ 	0,0,0,0,0,0,0,0,
+ 	0,0,0,0,0,0,0,0
+@@ -195,6 +199,44 @@
      return (i < 16) ? 1 : 2;
  }
  
@@ -23119,7 +23534,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/libvncauth/vncauth.c vnc_unixsrc/libvnc
  
  /*
   * Generate CHALLENGESIZE random bytes for use in challenge-response
-@@ -207,11 +246,13 @@
+@@ -207,11 +249,13 @@
      int i;
      unsigned int seed;
  
@@ -23138,7 +23553,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/libvncauth/vncauth.c vnc_unixsrc/libvnc
  
      for (i = 0; i < CHALLENGESIZE; i++) {
  	bytes[i] = (unsigned char)(random() & 255);    
-@@ -245,3 +286,48 @@
+@@ -245,3 +289,48 @@
  	des(bytes+i, bytes+i);
      }
  }
diff --git a/x11vnc/misc/inet6to4 b/x11vnc/misc/inet6to4
index b5c2fd1..0067a99 100755
--- a/x11vnc/misc/inet6to4
+++ b/x11vnc/misc/inet6to4
@@ -14,9 +14,10 @@
 # clients that need to connect to ipv6 servers.)  Reversing is the default
 # if this script is named 'inet4to6' (e.g. by a symlink.)
 #
-# Use Ctrl-C to stop this program.
+# Use Ctrl-C to stop this program.  You can also supply '-c n' as the
+# first option to only handle that many connections.
 #
-# You can also set env. vars INET6TO4_LOOP=1 or INET6TO4_LOOP=BG
+# Also set the env. vars INET6TO4_LOOP=1 or INET6TO4_LOOP=BG
 # to have an outer loop restarting this program (BG means do that
 # in the background), and INET6TO4_LOGFILE for a log file.
 # Also set INET6TO4_VERBOSE to verbosity level and INET6TO4_WAITTIME
@@ -42,12 +43,14 @@
 # or see <http://www.gnu.org/licenses/>.
 #-------------------------------------------------------------------------
 
+my $program = "inet6to4";
+
 # Set up logging:
 #
 if (exists $ENV{INET6TO4_LOGFILE}) {
 	close STDOUT;
 	if (!open(STDOUT, ">>$ENV{INET6TO4_LOGFILE}")) {
-	        die "inet6to4: $ENV{INET6TO4_LOGFILE} $!\n";
+	        die "$program: $ENV{INET6TO4_LOGFILE} $!\n";
 	}
 	close STDERR;
 	open(STDERR, ">&STDOUT");
@@ -98,14 +101,14 @@ sub open_pidfile {
 if (exists $ENV{INET6TO4_LOOP}) {
 	my $csl = $ENV{INET6TO4_LOOP};
 	if ($csl ne 'BG' && $csl ne '1') {
-		die "inet6to4: invalid INET6TO4_LOOP.\n";
+		die "$program: invalid INET6TO4_LOOP.\n";
 	}
 	if ($csl eq 'BG') {
 		# go into bg as "daemon":
 		setpgrp(0, 0);
 		my $pid = fork();
 		if (! defined $pid) {
-			die "inet6to4: $!\n";
+			die "$program: $!\n";
 		} elsif ($pid) {
 			wait;
 			exit 0;
@@ -126,7 +129,7 @@ if (exists $ENV{INET6TO4_LOOP}) {
 		open_pidfile();
 	}
 
-	print STDERR "inet6to4: starting service at ", scalar(localtime), " master-pid=$$\n";
+	print STDERR "$program: starting service at ", scalar(localtime), " master-pid=$$\n";
 	while (1) {
 		$looppid = fork;
 		if (! defined $looppid) {
@@ -137,7 +140,7 @@ if (exists $ENV{INET6TO4_LOOP}) {
 			exec $0, @ARGV;	
 			exit 1;
 		}
-		print STDERR "inet6to4: re-starting service at ", scalar(localtime), " master-pid=$$\n";
+		print STDERR "$program: re-starting service at ", scalar(localtime), " master-pid=$$\n";
 		sleep 1;
 	}
 	exit 0;
@@ -177,6 +180,12 @@ if (! @ARGV || $ARGV[0] =~ '^-+h') {	# -help
 	exit;
 }
 
+my $cmax = 0;
+if ($ARGV[0] eq '-c') {			# -c
+	shift;
+	$cmax = shift;
+}
+
 if ($ARGV[0] eq '-r') {			# -r
 	shift;
 	$reverse = 1;
@@ -203,24 +212,30 @@ setpgrp(0, 0);
 
 # create listening socket:
 #
+my %opts;
+$opts{Listen}    = 10;
+$opts{Proto}     = "tcp";
+$opts{ReuseAddr} = 1;
+if ($listen_port =~ /^(.*):(\d+)$/) {
+	$opts{LocalAddr} = $1;
+	$listen_port = $2;
+}
+$opts{LocalPort} = $listen_port;
+
 if (!$reverse) {
-	$listen_sock = IO::Socket::INET6->new(
-		Listen    => 10,
-		LocalPort => $listen_port,
-		Domain    => AF_INET6,
-		ReuseAddr => 1,
-		Proto     => "tcp"
-	);
+	# force ipv6 interface:
+	$opts{Domain} = AF_INET6;
+	$listen_sock = IO::Socket::INET6->new(%opts);
 } else {
-	$listen_sock = IO::Socket::INET->new(
-		Listen    => 10,
-		LocalPort => $listen_port,
-		ReuseAddr => 1,
-		Proto     => "tcp"
-	);
+	$listen_sock = IO::Socket::INET->new(%opts);
+	if (! $listen_sock && $! =~ /invalid/i) {
+		warn "$program: $!, retrying with AF_UNSPEC:\n";
+		$opts{Domain} = AF_UNSPEC;
+		$listen_sock = IO::Socket::INET6->new(%opts);
+	}
 }
 if (! $listen_sock) {
-	die "inet6to4: $!\n";
+	die "$program: $!\n";
 }
 
 # for use by the xfer helper processes' interrupt handlers:
@@ -236,6 +251,10 @@ my $conn = 0;
 #
 while (1) {
 	$conn++;
+	if ($cmax > 0 && $conn > $cmax) {
+		print STDERR "last connection ($cmax)\n" if $verbose; 
+		last;
+	}
 	print STDERR "listening for connection: $conn\n" if $verbose; 
 	my ($client, $ip) = $listen_sock->accept();
 
@@ -259,7 +278,7 @@ while (1) {
 	#
 	my $pid = fork();
 	if (! defined $pid) {
-		die "inet6to4: $!\n";
+		die "$program: $!\n";
 	} elsif ($pid) {
 		wait;
 		# to throttle runaways
@@ -286,24 +305,25 @@ sub handle_conn {
 	print STDERR "connecting to: $host:$port\n" if $verbose;
 
 	my $sock = '';
+	my %opts;
+	$opts{PeerAddr} = $host;
+	$opts{PeerPort} = $port;
+	$opts{Proto}    = "tcp";
 	if (!$reverse) {
-		$sock = IO::Socket::INET->new(
-			PeerAddr => $host,
-			PeerPort => $port,
-			Proto => "tcp"
-		);
+		$sock = IO::Socket::INET->new(%opts);
 	} else {
-		$sock = IO::Socket::INET6->new(
-			PeerAddr => $host,
-			PeerPort => $port,
-			Domain   => AF_INET6,
-			Proto => "tcp"
-		);
+		$opts{Domain} = AF_INET6;
+		$sock = IO::Socket::INET6->new(%opts);
+	}
+	if (! $sock) {
+		warn "$program: $!, retrying with AF_UNSPEC:\n";
+		$opts{Domain} = AF_UNSPEC;
+		$sock = IO::Socket::INET6->new(%opts);
 	}
 
 	if (! $sock) {
 		close $client;
-		die "inet6to4: $!\n";
+		die "$program: $!\n";
 	}
 
 	$current_fh1 = $client;
@@ -359,10 +379,10 @@ sub xfer {
 		my $len = sysread($in, $buf, 8192);
 		if (! defined($len)) {
 			next if $! =~ /^Interrupted/;
-			print STDERR "inet6to4\[$lab/$conn/$$]: $!\n";
+			print STDERR "$program\[$lab/$conn/$$]: $!\n";
 			last;
 		} elsif ($len == 0) {
-			print STDERR "inet6to4\[$lab/$conn/$$]: "
+			print STDERR "$program\[$lab/$conn/$$]: "
 			    . "Input is EOF.\n";
 			last;
 		}
@@ -378,7 +398,7 @@ sub xfer {
 		while ($len) {
 			my $written = syswrite($out, $buf, $len, $offset);
 			if (! defined $written) {
-				print STDERR "inet6to4\[$lab/$conn/$$]: "
+				print STDERR "$program\[$lab/$conn/$$]: "
 				    . "Output is EOF. $!\n";
 				$quit = 1;
 				last;