x11vnc: -sleepin m-n for random sleep. More mktemp and mkstemp

protections. SSL_INIT_TIMEOUT=n env. var.  Fix macosx console
X call bug.  Synchronize other projects sources.

26 files changed, 2032 insertions, 1389 deletions

diff --git a/classes/ssl/SignedUltraViewerSSL.jar b/classes/ssl/SignedUltraViewerSSL.jar
index 33d35a6..d7d3405 100644
--- a/classes/ssl/SignedUltraViewerSSL.jar
+++ b/classes/ssl/SignedUltraViewerSSL.jar
diff --git a/classes/ssl/SignedVncViewer.jar b/classes/ssl/SignedVncViewer.jar
index bdb2d8f..d1cb6db 100644
--- a/classes/ssl/SignedVncViewer.jar
+++ b/classes/ssl/SignedVncViewer.jar
diff --git a/classes/ssl/UltraViewerSSL.jar b/classes/ssl/UltraViewerSSL.jar
index b31d41a..6081788 100644
--- a/classes/ssl/UltraViewerSSL.jar
+++ b/classes/ssl/UltraViewerSSL.jar
diff --git a/classes/ssl/VncViewer.jar b/classes/ssl/VncViewer.jar
index 599fc17..e070806 100644
--- a/classes/ssl/VncViewer.jar
+++ b/classes/ssl/VncViewer.jar
diff --git a/classes/ssl/ss_vncviewer b/classes/ssl/ss_vncviewer
index d12f5ce..9b456b2 100755
--- a/classes/ssl/ss_vncviewer
+++ b/classes/ssl/ss_vncviewer
@@ -39,7 +39,8 @@
 #         and then a 2nd CONNECT to the destination VNC server.)
 #
 #         Use socks://host:port, socks4://host:port, or socks5://host,port
-#         to force usage of a SOCKS proxy.  Also repeater://host:port.
+#         to force usage of a SOCKS proxy.  Also repeater://host:port and
+#         sslrepeater://host:port.
 #
 # -showcert  Only fetch the certificate using the 'openssl s_client'
 #            command (openssl(1) must in installed).
@@ -284,6 +285,19 @@ fi
 orig="$1"
 shift
 
+# set up special case of ultravnc single click III mode:
+if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
+	pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
+	pstr1=`echo "$pstr" | sed -e 's/+.*$//'`
+	pstr2=`echo "$pstr" | sed -e 's/^[^+]*+//'`
+	SSVNC_REPEATER="SCIII=$pstr2"; export SSVNC_REPEATER
+	orig=$pstr1
+	echo
+	echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
+	proxy=""
+fi
+
+
 # check -ssh and -mycert/-verify conflict:
 if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then
 	if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then
@@ -322,6 +336,14 @@ elif echo "$orig" | grep '^vnc+ssh://' > /dev/null; then
 	use_ssh=1
 fi
 
+if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+        verify=""
+        mycert=""
+        use_ssh=""
+        use_sshssl=""
+        direct_connect=1
+fi
+
 # (possibly) tell the vncviewer to only listen on lo: 
 if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then
 	VNCVIEWER_LISTEN_LOCALHOST=1
@@ -472,6 +494,14 @@ final() {
 		kill -KILL "$stunnel_pid" 2>/dev/null
 		stunnel_pid=""
 	fi
+	if [ "X$dsm_pid" != "X" ]; then
+		echo "Terminating background ultravnc_dsm_helper process"
+		echo kill -TERM "$dsm_pid"
+		kill -TERM "$dsm_pid" 2>/dev/null
+		sleep 1
+		kill -KILL "$dsm_pid" 2>/dev/null
+		stunnel_pid=""
+	fi
 	if [ "X$tail_pid" != "X" ]; then
 		kill -TERM $tail_pid
 	fi
@@ -517,6 +547,19 @@ fi
 # a portable, but not absolutely safe, tmp file creator
 mytmp() {
 	tf=$1
+	if type mktemp > /dev/null 2>&1; then
+		# if we have mktemp(1), use it:
+		tf2="$tf.XXXXXX"
+		tf2=`mktemp "$tf2"`
+		if [ "X$tf2" != "X" -a -f "$tf2" ]; then
+			if [ "X$DEBUG_MKTEMP" != "X" ]; then
+				echo "mytmp-mktemp: $tf2" 1>&2
+			fi
+			echo "$tf2"
+			return
+		fi
+	fi
+	# fallback to multiple cmds:
 	rm -rf "$tf" || exit 1
 	if [ -d "$tf" ]; then
 		echo "tmp file $tf still exists as a directory."
@@ -531,6 +574,10 @@ mytmp() {
 	touch "$tf" || exit 1
 	chmod 600 "$tf" || exit 1
 	rchk
+	if [ "X$DEBUG_MKTEMP" != "X" ]; then
+		echo "mytmp-touch: $tf" 1>&2
+	fi
+	echo "$tf"
 }
 
 # trick for the undocumented rsh://host:port method.
@@ -1099,8 +1146,8 @@ Kecho sproxy1_host=$sproxy1_host
 Kecho sproxy1_port=$sproxy1_port
 Kecho sproxy1_user=$sproxy1_user
 
-		ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
-		mytmp "$ptmp"
+		ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
+		ptmp=`mytmp "$ptmp"`
 		PPROXY_REMOVE=1; export PPROXY_REMOVE
 		proxy=$pproxy
 		port_save=$port
@@ -1241,8 +1288,8 @@ Kecho proxy=$proxy
 		rc=$?
 
 	elif [ "X$getport" != "X" ]; then
-		tport=/tmp/tport${RANDOM}.$$
-		mytmp $tport
+		tport=/tmp/ss_vncviewer_tport${RANDOM}.$$
+		tport=`mytmp "$tport"`
 
 		if [ "X$rsh" != "X1" ]; then
 			if echo "$ssh_cmd" | grep -w sudo > /dev/null; then
@@ -1441,7 +1488,7 @@ fi
 ptmp=""
 if [ "X$proxy" != "X" ]; then
 	ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
-	mytmp "$ptmp"
+	ptmp=`mytmp "$ptmp"`
 	PPROXY_REMOVE=1; export PPROXY_REMOVE
 	pcode "$ptmp"
 	if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
@@ -1484,7 +1531,14 @@ if [ "X$showcert" = "X1" ]; then
 fi
 
 if [ "X$direct_connect" != "X" ]; then
-	if [ "X$getport" = "X" ]; then
+	if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+		SSVNC_NO_ENC_WARN=1
+		echo ""
+		echo "Using UltraVNC DSM Plugin key for encryption:"
+		echo ""
+		echo "  $SSVNC_ULTRA_DSM PORT HOST:PORT"
+		echo ""
+	elif [ "X$getport" = "X" ]; then
 		echo ""
 		echo "Running viewer for direct connection:"
 		echo ""
@@ -1508,9 +1562,22 @@ if [ "X$direct_connect" != "X" ]; then
 	fi
 	echo ""
 	if [ "X$ptmp" != "X" ]; then
-		PPROXY_LISTEN=$use
-		export PPROXY_LISTEN
+		if [ "X$reverse" = "X" ]; then
+			PPROXY_LISTEN=$use
+			export PPROXY_LISTEN
+		else
+			PPROXY_REVERSE="localhost:$use"
+			export PPROXY_REVERSE
+			pps=3
+			if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
+				pps=`expr $pps + $SSVNC_EXTRA_SLEEP`
+			fi
+			PPROXY_SLEEP=$pps; export PPROXY_SLEEP;
+			PPROXY_KILLPID=+1; export PPROXY_KILLPID;
+		fi
+
 		$ptmp &
+
 		if [ "X$reverse" = "X" ]; then
 			#sleep 2
 			#echo T sleep 1
@@ -1518,29 +1585,52 @@ if [ "X$direct_connect" != "X" ]; then
 		fi
 		host="localhost"
 		disp="$N"
+		port=`expr $disp + 5900`
 	fi
 	if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
 		echo "T sleep $SSVNC_EXTRA_SLEEP"
 		sleep $SSVNC_EXTRA_SLEEP
 	fi
 	if [ "X$reverse" = "X" ]; then
-		echo "$VNCVIEWERCMD" "$@" $host:$disp
+		hostdisp="$host:$disp"
+		if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+			hostdisp="exec=$SSVNC_ULTRA_DSM 0 $host:$port"
+		fi
+		echo "$VNCVIEWERCMD" "$@" "$hostdisp"
 		trap "final" 0 2 15
 		echo ""
-		$VNCVIEWERCMD "$@" $host:$disp
+		$VNCVIEWERCMD "$@" "$hostdisp"
 		if [ $? != 0 ]; then
 			echo "vncviewer command failed: $?"
 			if [ "X$secondtry" = "X1" ]; then
 				sleep 2
-				$VNCVIEWERCMD "$@" $host:$disp
+				$VNCVIEWERCMD "$@" "$hostdisp"
 			fi
 		fi
 	else
 		echo ""
 		echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
 		echo ""
-		echo "$VNCVIEWERCMD" "$@" -listen $disp
 		trap "final" 0 2 15
+		if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+			echo "NOTE: The ultravnc_dsm_helper only runs once.  So after the first LISTEN"
+			echo "      ends, you will have to Press Ctrl-C and restart for a new connection."
+			echo ""
+			dport=`expr 5500 + $disp`
+			cmd="$SSVNC_ULTRA_DSM $dport localhost:$use"
+			echo "Running:"
+			echo
+			echo "$cmd &"
+			echo
+			$cmd &
+			dsm_pid=$!
+			sleep 2
+			disp=$use
+			if [ $disp -ge 5500 ]; then
+				disp=`expr $disp - 5500`
+			fi
+		fi
+		echo "$VNCVIEWERCMD" "$@" -listen $disp
 		echo ""
 		$VNCVIEWERCMD "$@" -listen $disp
 	fi
@@ -1548,12 +1638,13 @@ if [ "X$direct_connect" != "X" ]; then
 fi
 
 tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
-mytmp "$tmp_cfg"
+tmp_cfg=`mytmp "$tmp_cfg"`
 
 # make_tcert is no longer invoked via the ssvnc gui (Listen mode).
 # make_tcert is for testing only now via -mycert BUILTIN
 make_tcert() {
-	tcert="/tmp/tcert${RANDOM}.$$"
+	tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$"
+	tcert=`mytmp "$tcert"`
 	cat > $tcert <<END
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
@@ -1617,7 +1708,7 @@ fi
 
 if [ "X$reverse" = "X" ]; then
 
-	if echo "$proxy" | grep repeater:// > /dev/null; then
+	if echo "$proxy" | grep "^repeater://" > /dev/null; then
 		if [ "X$cert" = "XBUILTIN" ]; then
 			ttcert=`make_tcert`
 			cert="cert = $ttcert"
diff --git a/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch b/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch
index c463916..b2ba9c5 100644
--- a/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch
+++ b/classes/ssl/ultravnc-102-JavaViewer-ssl-etc.patch
@@ -121,7 +121,7 @@ diff -Naur JavaViewer.orig/ButtonPanel.java JavaViewer/ButtonPanel.java
  }
 diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
 --- JavaViewer.orig/FTPFrame.java	2005-03-15 23:53:14.000000000 -0500
-+++ JavaViewer/FTPFrame.java	2008-08-31 14:46:16.000000000 -0400
++++ JavaViewer/FTPFrame.java	2008-09-07 21:12:11.000000000 -0400
 @@ -24,8 +24,13 @@
  import java.io.*;
  import java.util.ArrayList;
@@ -283,11 +283,11 @@ diff -Naur JavaViewer.orig/FTPFrame.java JavaViewer/FTPFrame.java
 +				}
 +			}
 +		} else {
-+			if (C_drive > 0) {
++			if (C_drive >= 0) {
 +				remoteDrivesComboBox.setSelectedIndex(C_drive);
  				bFound = true;
 +System.out.println("ComboBox: C_drive index: " + C_drive);
-+			} else if (O_drive > 0) {
++			} else if (O_drive >= 0) {
 +				remoteDrivesComboBox.setSelectedIndex(O_drive);
 +				bFound = true;
 +System.out.println("ComboBox: Other_drive index: " + O_drive);
@@ -1593,7 +1593,7 @@ diff -Naur JavaViewer.orig/OptionsFrame.java JavaViewer/OptionsFrame.java
      choices[shareDesktopIndex].select("Yes");
 diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
 --- JavaViewer.orig/RfbProto.java	2006-05-24 15:14:40.000000000 -0400
-+++ JavaViewer/RfbProto.java	2008-09-06 21:36:14.000000000 -0400
++++ JavaViewer/RfbProto.java	2008-09-14 10:50:33.000000000 -0400
 @@ -31,6 +31,7 @@
  import java.net.Socket;
  import java.util.*;
@@ -1738,7 +1738,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		if (contentParam == rfbADrivesList)
  		{
  			readFTPMsgDriveList();
-@@ -688,11 +737,11 @@
+@@ -688,21 +737,31 @@
  
  	// Internally used. Write an Rfb message to the server
  	void writeRfbFileTransferMsg(
@@ -1755,7 +1755,16 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  	{
  		byte b[] = new byte[12];
  
-@@ -702,7 +751,10 @@
++		if (viewer.dsmActive) {
++			// need to send the rfbFileTransfer msg type twice for the plugin...
++			byte b2[] = new byte[1];
++			b2[0] = (byte) rfbFileTransfer;
++			os.write(b2);
++		}
++
+ 		b[0] = (byte) rfbFileTransfer;
+ 		b[1] = (byte) contentType;
+ 		b[2] = (byte) contentParam;
  
  		byte by = 0;
  		long c = 0;
@@ -1767,7 +1776,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		c = size & 0xFF000000;
  		by = (byte) (c >>> 24);
  		b[4] = by;
-@@ -729,6 +781,8 @@
+@@ -729,6 +788,8 @@
  		by = (byte) c;
  		b[11] = by;
  		os.write(b);
@@ -1776,7 +1785,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		
  
  		if (text != null)
-@@ -746,12 +800,12 @@
+@@ -746,12 +807,12 @@
  
  	//Internally used. Write an rfb message to the server for sending files ONLY 
  	int writeRfbFileTransferMsgForSendFile(
@@ -1795,7 +1804,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  	{
  		File f = new File(source);
  		fis = new FileInputStream(f);
-@@ -768,50 +822,47 @@
+@@ -768,50 +829,47 @@
  	
  		while (bytesRead!=-1)
  		{
@@ -1887,7 +1896,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  		
  		writeRfbFileTransferMsg(fError ? rfbAbortFileTransfer : rfbEndOfFile, 0, 0, 0, null);
-@@ -831,24 +882,30 @@
+@@ -831,24 +889,30 @@
  			{
  				System.out.print((char) is.readUnsignedByte());
  			}
@@ -1926,7 +1935,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  			}
  			viewer.ftp.historyComboBox.setSelectedIndex(0);
  			viewer.ftp.enableButtons();
-@@ -907,7 +964,7 @@
+@@ -907,7 +971,7 @@
  	//Handles acknowledgement that the file has been deleted on the server
  	void deleteRemoteFileFeedback() throws IOException
  	{
@@ -1935,7 +1944,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		int length = is.readInt();
  		String f = "";
  		for (int i = 0; i < length; i++)
-@@ -916,7 +973,11 @@
+@@ -916,7 +980,11 @@
  		}
  		
  		viewer.ftp.refreshRemoteLocation();	
@@ -1948,7 +1957,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		viewer.ftp.historyComboBox.setSelectedIndex(0);
  	}
  
-@@ -926,12 +987,7 @@
+@@ -926,12 +994,7 @@
  		try
  		{
  			String temp = text;
@@ -1962,7 +1971,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  		catch (IOException e)
  		{
-@@ -943,7 +999,7 @@
+@@ -943,7 +1006,7 @@
  	// Handles acknowledgement that the directory has been created on the server
  	void createRemoteDirectoryFeedback() throws IOException
  	{
@@ -1971,7 +1980,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		int length = is.readInt();
  		String f="";
  		for (int i = 0; i < length; i++)
-@@ -951,7 +1007,11 @@
+@@ -951,7 +1014,11 @@
  			f += (char)is.readUnsignedByte();
  		}
  		viewer.ftp.refreshRemoteLocation();	
@@ -1984,7 +1993,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		viewer.ftp.historyComboBox.setSelectedIndex(0);
  	}
  
-@@ -961,12 +1021,7 @@
+@@ -961,12 +1028,7 @@
  		try
  		{
  			String temp = text;
@@ -1998,7 +2007,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  		catch (IOException e)
  		{
-@@ -979,15 +1034,13 @@
+@@ -979,15 +1041,13 @@
  	{
  		try
  		{
@@ -2018,7 +2027,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  		catch (IOException e)
  		{
-@@ -1004,6 +1057,9 @@
+@@ -1004,6 +1064,9 @@
  		viewer.ftp.disableButtons();
  		int size = is.readInt();
  		int length = is.readInt();
@@ -2028,7 +2037,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		
  		String tempName = "";
  		for (int i = 0; i < length; i++)
-@@ -1011,6 +1067,15 @@
+@@ -1011,6 +1074,15 @@
  			tempName += (char) is.readUnsignedByte();
  		}
  
@@ -2044,7 +2053,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		// sf@2004 - Read the high part of file size (not yet in rfbFileTransferMsg for 
  		// backward compatibility reasons...)
  		int sizeH = is.readInt();
-@@ -1021,7 +1086,16 @@
+@@ -1021,7 +1093,16 @@
  		fileSize=0;
  		fileChunkCounter = 0;
  		String fileName = receivePath;
@@ -2062,7 +2071,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		writeRfbFileTransferMsg(rfbFileHeader, 0, 0, 0, null);
  	}
  
-@@ -1085,7 +1159,13 @@
+@@ -1085,7 +1166,13 @@
  			fAbort = false;
  			fFileReceptionError = true;
  			writeRfbFileTransferMsg(rfbAbortFileTransfer, 0, 0, 0, null);
@@ -2077,7 +2086,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  		// sf@2004 - For old FT protocole only
  		/*
-@@ -1104,7 +1184,7 @@
+@@ -1104,7 +1191,7 @@
  		int length = is.readInt();
  		fileSize=0;
  		fos.close();
@@ -2086,7 +2095,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		viewer.ftp.refreshLocalLocation();
  		if (fReceptionOk && !fFileReceptionError)
  		{
-@@ -1132,12 +1212,7 @@
+@@ -1132,12 +1219,7 @@
  		try
  		{
  			String temp = text;
@@ -2100,7 +2109,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  		catch (IOException e)
  		{
-@@ -1197,11 +1272,80 @@
+@@ -1197,11 +1279,80 @@
  					str += temp;
  				}
  			}
@@ -2181,7 +2190,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  	//Internally used to receive directory content from server
  	//Here, the server sends one file/directory with it's attributes
  	void readFTPMsgDirectoryListContent() throws IOException
-@@ -1217,17 +1361,25 @@
+@@ -1217,17 +1368,25 @@
  			dwReserved0,
  			dwReserved1;
  		long ftCreationTime, ftLastAccessTime, ftLastWriteTime;
@@ -2210,7 +2219,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		length -= 8;
  		nFileSizeHigh = is.readInt();
  		length -= 4;
-@@ -1253,7 +1405,9 @@
+@@ -1253,7 +1412,9 @@
  			cAlternateFileName = (char) is.readUnsignedByte();
  			length--;
  		}
@@ -2221,7 +2230,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  			|| dwFileAttributes == 369098752
  			|| dwFileAttributes == 285212672 
  			|| dwFileAttributes == 271056896
-@@ -1263,11 +1417,74 @@
+@@ -1263,11 +1424,74 @@
  			|| dwFileAttributes == 369623040)
  		{
  			fileName = " [" + fileName + "]";
@@ -2301,7 +2310,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  	
  		// a.add(fileName);
-@@ -1282,14 +1499,31 @@
+@@ -1282,14 +1506,31 @@
  
  		// sf@2004
  		a.clear();
@@ -2336,7 +2345,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  	}
  
  	//Internally used to signify the drive requested is not ready
-@@ -1299,6 +1533,8 @@
+@@ -1299,6 +1540,8 @@
  		System.out.println("Remote Drive unavailable");
  		viewer.ftp.connectionStatus.setText(" > WARNING - Remote Drive unavailable (possibly restricted access or media not present)");
  		viewer.ftp.remoteStatus.setText("WARNING: Remote Drive unavailable");
@@ -2345,7 +2354,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  	}
  
  	//Call this method to request the list of drives on the server.
-@@ -1306,12 +1542,11 @@
+@@ -1306,12 +1549,11 @@
  	{
  		try
  		{
@@ -2363,7 +2372,7 @@ diff -Naur JavaViewer.orig/RfbProto.java JavaViewer/RfbProto.java
  		}
  		catch (IOException e)
  		{
-@@ -1355,21 +1590,21 @@
+@@ -1355,21 +1597,21 @@
  		int h,
  		boolean incremental)
  		throws IOException {
@@ -3983,7 +3992,7 @@ diff -Naur JavaViewer.orig/VncCanvas.java JavaViewer/VncCanvas.java
  						result = 0; // Transparent pixel
 diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
 --- JavaViewer.orig/VncViewer.java	2006-05-24 15:14:40.000000000 -0400
-+++ JavaViewer/VncViewer.java	2008-08-27 10:46:27.000000000 -0400
++++ JavaViewer/VncViewer.java	2008-09-14 10:36:37.000000000 -0400
 @@ -80,11 +80,11 @@
    GridBagLayout gridbag;
    ButtonPanel buttonPanel;
@@ -4007,7 +4016,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
    String passwordParam;
    String encPasswordParam;
    boolean showControls;
-@@ -115,28 +115,66 @@
+@@ -115,28 +115,67 @@
    int i;
    // mslogon support 2 end
  
@@ -4027,6 +4036,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
 +boolean delayAuthPanel;
 +boolean ftpOnly;
 +boolean graftFtp;
++boolean dsmActive;
 +
 +boolean gotAuth;
 +int authGot;
@@ -4080,7 +4090,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
      // authenticator = new AuthPanel(false);   // mslogon support : go to connectAndAuthenticate()
      if (RecordingFrame.checkSecurity())
        rec = new RecordingFrame(this);
-@@ -147,10 +185,11 @@
+@@ -147,10 +186,11 @@
      cursorUpdatesDef = null;
      eightBitColorsDef = null;
  
@@ -4094,7 +4104,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
      rfbThread = new Thread(this);
      rfbThread.start();
    }
-@@ -186,6 +225,30 @@
+@@ -186,6 +226,30 @@
        gbc.weightx = 1.0;
        gbc.weighty = 1.0;
  
@@ -4125,7 +4135,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
  	// Add ScrollPanel to applet mode
  
  	// Create a panel which itself is resizeable and can hold
-@@ -286,6 +349,24 @@
+@@ -286,6 +350,24 @@
  
    void connectAndAuthenticate() throws Exception {
  
@@ -4150,7 +4160,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
      // If "ENCPASSWORD" parameter is set, decrypt the password into
      // the passwordParam string.
  
-@@ -336,7 +417,22 @@
+@@ -336,7 +418,22 @@
      //
  
      
@@ -4174,7 +4184,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
  
      authenticator = new AuthPanel(mslogon);
      
-@@ -390,6 +486,10 @@
+@@ -390,6 +487,10 @@
  	break;
        //mslogon support end
  
@@ -4185,7 +4195,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
        // Retry on authentication failure.
        authenticator.retry();
      }
-@@ -405,9 +505,11 @@
+@@ -405,9 +506,11 @@
  
    void prologueDetectAuthProtocol() throws Exception {
  
@@ -4199,7 +4209,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
  
      System.out.println("RFB server supports protocol version " +
  		       rfb.serverMajor + "." + rfb.serverMinor);
-@@ -431,16 +533,36 @@
+@@ -431,16 +534,36 @@
  
    boolean tryAuthenticate(String us, String pw) throws Exception {
      
@@ -4242,7 +4252,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
  
      switch (authScheme) {
  
-@@ -629,6 +751,10 @@
+@@ -629,6 +752,10 @@
  
    void doProtocolInitialisation() throws IOException {
  
@@ -4253,7 +4263,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
      rfb.writeClientInit();
  
      rfb.readServerInit();
-@@ -775,8 +901,25 @@
+@@ -775,8 +902,25 @@
        }
      }
  
@@ -4281,7 +4291,7 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
  
      if (inAnApplet) {
        str = readParameter("Open New Window", false);
-@@ -804,6 +947,90 @@
+@@ -804,6 +948,95 @@
      deferScreenUpdates = readIntParameter("Defer screen updates", 20);
      deferCursorUpdates = readIntParameter("Defer cursor updates", 10);
      deferUpdateRequests = readIntParameter("Defer update requests", 50);
@@ -4363,6 +4373,11 @@ diff -Naur JavaViewer.orig/VncViewer.java JavaViewer/VncViewer.java
 +    if (str != null && str.equalsIgnoreCase("Yes")) {
 +	graftFtp = true;
 +    }
++    dsmActive = false;
++    str = readParameter("dsmActive", false);
++    if (str != null && str.equalsIgnoreCase("Yes")) {
++	dsmActive = true;
++    }
 +    delayAuthPanel = false;
 +    str = readParameter("delayAuthPanel", false);
 +    if (str != null && str.equalsIgnoreCase("Yes")) {
diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog
index 2581442..ca77aea 100644
--- a/x11vnc/ChangeLog
+++ b/x11vnc/ChangeLog
@@ -1,3 +1,8 @@
+2008-09-14  Karl Runge <runge@karlrunge.com>
+	* x11vnc: -sleepin m-n for random sleep. More mktemp and mkstemp
+	  protections. SSL_INIT_TIMEOUT=n env. var.  Fix macosx console
+	  X call bug.  Synchronize other projects sources.
+
 2008-09-06  Karl Runge <runge@karlrunge.com>
 	* x11vnc: kill gui_pid on exit in -connect/-connect_or_exit mode.
 	  -grablocal n experiment (not compiled by default).  -macuskbd
diff --git a/x11vnc/README b/x11vnc/README
index 5fdba0c..dbbf5d0 100644
--- a/x11vnc/README
+++ b/x11vnc/README
@@ -1,5 +1,5 @@
 
-x11vnc README file                         Date: Sat Sep  6 21:54:38 EDT 2008
+x11vnc README file                         Date: Sun Sep 14 15:20:38 EDT 2008
 
 The following information is taken from these URLs:
 
@@ -6044,6 +6044,11 @@ EndSection
    [780]-debug_keyboard option prints out much info for every keystroke
    and so can be useful debugging things.
 
+   Note that one user had a strange setup and none of the above helped.
+   His solution was to disable all of the above and use [781]-nomodtweak.
+   This is the simplest form of keystroke insertion and it actually
+   solved the problem. Try it if the other options don't help.
+
 
    Q-84: When I try to type a "<" (i.e. less than) instead I get ">"
    (i.e. greater than)! Strangely, typing ">" works OK!!
@@ -6053,9 +6058,9 @@ EndSection
    (e.g. pc105 in the XF86Config file when it should be something else,
    say pc104).
 
-   Short Cut: Try the [781]-xkb or [782]-sloppy_keys options and see if
+   Short Cut: Try the [782]-xkb or [783]-sloppy_keys options and see if
    that helps the situation. The discussion below is a bit outdated (e.g.
-   [783]-modtweak is now the default) but it is useful reference for
+   [784]-modtweak is now the default) but it is useful reference for
    various tricks and so is kept.
 
 
@@ -6098,17 +6103,17 @@ EndSection
    -remap less-comma
 
    These are convenient in that they do not modify the actual X server
-   settings. The former ([784]-modtweak) is a mode that monitors the
+   settings. The former ([785]-modtweak) is a mode that monitors the
    state of the Shift and AltGr modifiers and tries to deduce the correct
    keycode sequence to send. Since Jul/2004 -modtweak is now the default.
-   The latter ([785]-remap less-comma) is an immediate remapping of the
+   The latter ([786]-remap less-comma) is an immediate remapping of the
    keysym less to the keysym comma when it comes in from a client (so
    when Shift is down the comma press will yield "<").
 
-   See also the [786]FAQ about the -xkb option as a possible workaround
+   See also the [787]FAQ about the -xkb option as a possible workaround
    using the XKEYBOARD extension.
 
-   Note that the [787]-debug_keyboard option prints out much info for
+   Note that the [788]-debug_keyboard option prints out much info for
    every keystroke to aid debugging keyboard problems.
 
 
@@ -6116,7 +6121,7 @@ EndSection
    less than) instead I get "<," (i.e. an extra comma).
 
    This is likely because you press "Shift" then "<" but then released
-   the Shift key before releasing the "<". Because of a [788]keymapping
+   the Shift key before releasing the "<". Because of a [789]keymapping
    ambiguity the last event "< up" is interpreted as "," because that key
    unshifted is the comma.
 
@@ -6124,9 +6129,9 @@ EndSection
    characters: in general it can happen whenever the Shift key is
    released early.
 
-   This should not happen in [789]-xkb mode, because it works hard to
+   This should not happen in [790]-xkb mode, because it works hard to
    resolve the ambiguities. If you do not want to use -xkb, try the
-   option [790]-sloppy_keys to attempt a similar type of algorithm.
+   option [791]-sloppy_keys to attempt a similar type of algorithm.
 
    One user had this problem for Italian and German keyboards with the
    key containing ":" and "." When he typed ":" he would get an extra "."
@@ -6154,7 +6159,7 @@ EndSection
    In both cases no AltGr is sent to the VNC server, but we know AltGr is
    needed on the physical international keyboard to type a "@".
 
-   This all worked fine with x11vnc running with the [791]-modtweak
+   This all worked fine with x11vnc running with the [792]-modtweak
    option (it figures out how to adjust the Modifier keys (Shift or
    AltGr) to get the "@"). However it fails under recent versions of
    XFree86 (and the X.org fork). These run the XKEYBOARD extension by
@@ -6171,7 +6176,7 @@ EndSection
      * there is a new option -xkb to use the XKEYBOARD extension API to
        do the Modifier key tweaking.
 
-   The [792]-xkb option seems to fix all of the missing keys: "@", "<",
+   The [793]-xkb option seems to fix all of the missing keys: "@", "<",
    ">", etc.: it is recommended that you try it if you have this sort of
    problem. Let us know if there are any remaining problems (see the next
    paragraph for some known problems). If you specify the -debug_keyboard
@@ -6179,7 +6184,7 @@ EndSection
    debugging output (send it along with any problems you report).
 
    Update: as of Jun/2005 x11vnc will try to automatically enable
-   [793]-xkb if it appears that would be beneficial (e.g. if it sees any
+   [794]-xkb if it appears that would be beneficial (e.g. if it sees any
    of "@", "<", ">", "[" and similar keys are mapped in a way that needs
    the -xkb to access them). To disable this automatic check use -noxkb.
 
@@ -6194,7 +6199,7 @@ EndSection
        was attached to keycode 93 (no physical key generates this
        keycode) while ISO_Level3_Shift was attached to keycode 113. The
        keycode skipping option was used to disable the ghost key:
-       [794]-skip_keycodes 93
+       [795]-skip_keycodes 93
      * In implementing -xkb we noticed that some characters were still
        not getting through, e.g. "~" and "^". This is not really an
        XKEYBOARD problem. What was happening was the VNC viewer was
@@ -6212,16 +6217,16 @@ EndSection
        What to do? In general the VNC protocol has not really solved this
        problem: what should be done if the VNC viewer sends a keysym not
        recognized by the VNC server side? Workarounds can possibly be
-       created using the [795]-remap x11vnc option:
+       created using the [796]-remap x11vnc option:
   -remap asciitilde-dead_tilde,asciicircum-dead_circumflex
        etc. Use -remap filename if the list is long. Please send us your
        workarounds for this problem on your keyboard. Perhaps we can have
        x11vnc adjust automatically at some point. Also see the
-       [796]-add_keysyms option in the next paragraph.
-       Update: for convenience "[797]-remap DEAD" does many of these
+       [797]-add_keysyms option in the next paragraph.
+       Update: for convenience "[798]-remap DEAD" does many of these
        mappings at once.
-     * To complement the above workaround using the [798]-remap, an
-       option [799]-add_keysyms was added. This option instructs x11vnc
+     * To complement the above workaround using the [799]-remap, an
+       option [800]-add_keysyms was added. This option instructs x11vnc
        to bind any unknown Keysyms coming in from VNC viewers to unused
        Keycodes in the X server. This modifies the global state of the X
        server. When x11vnc exits it removes the extra keymappings it
@@ -6240,7 +6245,7 @@ EndSection
 
    Short answer: disable key autorepeating by running the command "xset r
    off" on the Xserver where x11vnc is run (restore via "xset r on") or
-   use the new (Jul/2004) [800]-norepeat x11vnc option. You will still
+   use the new (Jul/2004) [801]-norepeat x11vnc option. You will still
    have autorepeating because that is taken care of on your VNC viewer
    side.
 
@@ -6264,7 +6269,7 @@ EndSection
    off", does the problem go away?
 
    The workaround is to manually apply "xset r off" and "xset r on" as
-   needed, or to use the [801]-norepeat (which has since Dec/2004 been
+   needed, or to use the [802]-norepeat (which has since Dec/2004 been
    made the default). Note that with X server autorepeat turned off the
    VNC viewer side of the connection will (nearly always) do its own
    autorepeating so there is no big loss here, unless someone is also
@@ -6275,7 +6280,7 @@ EndSection
    keystrokes!!
 
    Are you using x11vnc to log in to an X session via display manager?
-   (as described in [802]this FAQ) If so, x11vnc is starting before your
+   (as described in [803]this FAQ) If so, x11vnc is starting before your
    session and it disables autorepeat when you connect, but then after
    you log in your session startup (GNOME, KDE, ...) could be resetting
    the autorepeat to be on. Or it could be something inside your desktop
@@ -6323,11 +6328,11 @@ EndSection
    pressed one. You need to do this for both the left and right Shift,
    Alt, Control, etc. keys to be sure.
 
-   You can also use the [803]-clear_mods option to try to clear all of
+   You can also use the [804]-clear_mods option to try to clear all of
    the modifier keys at x11vnc startup. You will still have to be careful
    that you do not leave the modifier key pressed down during your
    session. It is difficult to prevent this problem from occurring (short
-   of using [804]-remap to prevent sending all of the problem modifier
+   of using [805]-remap to prevent sending all of the problem modifier
    keys, which would make the destkop pretty unusable).
 
    During a session these x11vnc remote control commands can also help:
@@ -6340,16 +6345,16 @@ EndSection
    Num_Lock down. When these are locked on the remote side it can
    sometimes lead to strange desktop behavior (e.g. cannot drag or click
    on windows). As above you may not notice this because the lock isn't
-   down on the local (Viewer) side. See [805]this FAQ on lock keys
-   problem. These options may help avoid the problem: [806]-skip_lockkeys
-   and [807]-capslock. See also [808]-clear_all.
+   down on the local (Viewer) side. See [806]this FAQ on lock keys
+   problem. These options may help avoid the problem: [807]-skip_lockkeys
+   and [808]-capslock. See also [809]-clear_all.
 
 
    Q-90: The machine where I run x11vnc has an AltGr key, but the local
    machine where I run the VNC viewer does not. Is there a way I can map
    a local unused key to send an AltGr? How about a Compose key as well?
 
-   Something like "[809]-remap Super_R-Mode_switch" x11vnc option may
+   Something like "[810]-remap Super_R-Mode_switch" x11vnc option may
    work. Note that Super_R is the "Right Windoze(tm) Flaggie" key; you
    may want to choose another. The -debug_keyboard option comes in handy
    in finding keysym names (so does xev(1)).
@@ -6372,7 +6377,7 @@ EndSection
 
    Since xmodmap(1) modifies the X server mappings you may not want to do
    this (because it affects local work on that machine). Something like
-   the [810]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones
+   the [811]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones
    needs, and does not modify the X server environment. Note that you
    cannot send Alt_L in this case, maybe -remap Super_L-Meta_L would be a
    better choice if the Super_L key is typically unused in Unix.
@@ -6392,7 +6397,7 @@ EndSection
    and similar triple mappings (with two in the AltGr/Mode_switch group)
    of a keysum to a single keycode.
 
-   Use the [811]-nomodtweak option as a workaround. You can also use
+   Use the [812]-nomodtweak option as a workaround. You can also use
    xmodmap to correct these mappings in the server, e.g.:
   xmodmap -e "keycode 47 = 3 numbersign"
 
@@ -6406,7 +6411,7 @@ EndSection
 
    This can be done directly in some X servers using AccessX and
    Pointer_EnableKeys, but is a bit awkward. It may be more convenient to
-   have x11vnc do the remapping. This can be done via the [812]-remap
+   have x11vnc do the remapping. This can be done via the [813]-remap
    option using the fake "keysyms" Button1, Button2, etc. as the "to"
    keys (i.e. the ones after the "-")
 
@@ -6415,7 +6420,7 @@ EndSection
    button "paste" because (using XFree86/Xorg Emulate3Buttons) you have
    to click both buttons on the touch pad at the same time. This
    remapping:
-  [813]-remap Super_R-Button2
+  [814]-remap Super_R-Button2
 
    maps the Super_R "flag" key press to the Button2 click, thereby making
    X pasting a bit easier.
@@ -6434,13 +6439,13 @@ EndSection
    Caps_Lock in the viewer your local machine goes into the Caps_Lock on
    state and sends keysym "A" say when you press "a". x11vnc will then
    fake things up so that Shift is held down to generate "A". The
-   [814]-skip_lockkeys option should help to accomplish this. For finer
-   grain control use something like: "[815]-remap Caps_Lock-None".
+   [815]-skip_lockkeys option should help to accomplish this. For finer
+   grain control use something like: "[816]-remap Caps_Lock-None".
 
-   Also try the [816]-nomodtweak and [817]-capslock options.
+   Also try the [817]-nomodtweak and [818]-capslock options.
 
    Another useful option that turns off any Lock keys on the remote side
-   at startup and end is the [818]-clear_all option. During a session you
+   at startup and end is the [819]-clear_all option. During a session you
    can run these remote control commands to modify the Lock keys:
    x11vnc -R clear_locks
    x11vnc -R clear_all
@@ -6469,7 +6474,7 @@ EndSection
    There may also be scaling viewers out there (e.g. TightVNC or UltraVNC
    on Windows) that automatically shrink or expand the remote framebuffer
    to fit the local display. Especially for hand-held devices. See also
-   [819]the next FAQ on x11vnc scaling.
+   [820]the next FAQ on x11vnc scaling.
 
 
    Q-96: Does x11vnc support server-side framebuffer scaling? (E.g. to
@@ -6477,7 +6482,7 @@ EndSection
 
    As of Jun/2004 x11vnc provides basic server-side scaling. It is a
    global scaling of the desktop, not a per-client setting. To enable it
-   use the "[820]-scale fraction" option. "fraction" can either be a
+   use the "[821]-scale fraction" option. "fraction" can either be a
    floating point number (e.g. -scale 0.5) or the alternative m/n
    fraction notation (e.g. -scale 3/4). Note that if fraction is greater
    than one the display is magnified.
@@ -6502,7 +6507,7 @@ EndSection
 
    One can also use the ":nb" with an integer scale factor (say "-scale
    2:nb") to use x11vnc as a screen magnifier for vision impaired
-   [821]applications. Since with integer scale factors the framebuffers
+   [822]applications. Since with integer scale factors the framebuffers
    become huge and scaling operations time consuming, be sure to use
    ":nb" for the fastest response.
 
@@ -6528,7 +6533,7 @@ EndSection
    If one desires per-client scaling for something like 1:1 from a
    workstation and 1:2 from a smaller device (e.g. handheld), currently
    the only option is to run two (or more) x11vnc processes with
-   different scalings listening on separate ports ([822]-rfbport option,
+   different scalings listening on separate ports ([823]-rfbport option,
    etc.).
 
    Update: As of May/2006 x11vnc also supports the UltraVNC server-side
@@ -6538,8 +6543,8 @@ EndSection
    "-rfbversion 3.6" for this to be recognized by UltraVNC viewers.
 
    BTW, whenever you run two or more x11vnc's on the same X display and
-   use the [823]GUI, then to avoid all of the x11vnc's simultaneously
-   answering the gui you will need to use something like [824]"-connect
+   use the [824]GUI, then to avoid all of the x11vnc's simultaneously
+   answering the gui you will need to use something like [825]"-connect
    file1 -gui ..." with different connect files for each x11vnc you want
    to control via the gui (or remote-control). The "-connect file1" usage
    gives separate communication channels between a x11vnc process and the
@@ -6548,7 +6553,7 @@ EndSection
 
    Update: As of Mar/2005 x11vnc now scales the mouse cursor with the
    same scale factor as the screen. If you don't want that, use the
-   [825]"-scale_cursor frac" option to set the cursor scaling to a
+   [826]"-scale_cursor frac" option to set the cursor scaling to a
    different factor (e.g. use "-scale_cursor 1" to keep the cursor at its
    natural unscaled size).
 
@@ -6576,21 +6581,21 @@ EndSection
    screen is not rectangular (e.g. 1280x1024 and 1024x768 monitors joined
    together), then there will be "non-existent" areas on the screen. The
    X server will return "garbage" image data for these areas and so they
-   may be distracting to the viewer. The [826]-blackout x11vnc option
+   may be distracting to the viewer. The [827]-blackout x11vnc option
    allows you to blacken-out rectangles by manually specifying their
    WxH+X+Y geometries. If your system has the libXinerama library, the
-   [827]-xinerama x11vnc option can be used to have it automatically
+   [828]-xinerama x11vnc option can be used to have it automatically
    determine the rectangles to be blackened out. (Note on 8bpp
    PseudoColor displays the fill color may not be black). Update:
-   [828]-xinerama is now on by default.
+   [829]-xinerama is now on by default.
 
    Some users have reported that the mouse does not behave properly for
    their Xinerama display: i.e. the mouse cannot be moved to all regions
-   of the large display. If this happens try using the [829]-xwarppointer
+   of the large display. If this happens try using the [830]-xwarppointer
    option. This instructs x11vnc to fake mouse pointer motions using the
    XWarpPointer function instead of the XTestFakeMotionEvent XTEST
    function. (This may be due to a bug in the X server for XTEST when
-   Xinerama is enabled). Update: As of Dec/2006 [830]-xwarppointer will
+   Xinerama is enabled). Update: As of Dec/2006 [831]-xwarppointer will
    be applied automatically if Xinerama is detected. To disable use:
    -noxwarppointer
 
@@ -6613,23 +6618,23 @@ EndSection
    Note: if you are running on Solaris 8 or earlier you can easily hit up
    against the maximum of 6 shm segments per process (for Xsun in this
    case) from running multiple x11vnc processes. You should modify
-   /etc/system as mentioned in another [831]FAQ to increase the limit. It
-   is probably also a good idea to run with the [832]-onetile option in
+   /etc/system as mentioned in another [832]FAQ to increase the limit. It
+   is probably also a good idea to run with the [833]-onetile option in
    this case (to limit each x11vnc to 3 shm segments), or even
-   [833]-noshm to use no shm segments.
+   [834]-noshm to use no shm segments.
 
 
    Q-99: Can x11vnc show only a portion of the display? (E.g. for a
    special purpose application or a very large screen).
 
-   As of Mar/2005 x11vnc has the "[834]-clip WxH+X+Y" option to select a
+   As of Mar/2005 x11vnc has the "[835]-clip WxH+X+Y" option to select a
    rectangle of width W, height H and offset (X, Y). Thus the VNC screen
    will be the clipped sub-region of the display and be only WxH in size.
-   One user used -clip to split up a large [835]Xinerama screen into two
+   One user used -clip to split up a large [836]Xinerama screen into two
    more managable smaller screens.
 
    This also works to view a sub-region of a single application window if
-   the [836]-id or [837]-sid options are used. The offset is measured
+   the [837]-id or [838]-sid options are used. The offset is measured
    from the upper left corner of the selected window.
 
 
@@ -6638,7 +6643,7 @@ EndSection
    just seems to crash.
 
    As of Dec/2004 x11vnc supports XRANDR. You enable it with the
-   [838]-xrandr option to make x11vnc monitor XRANDR events and also trap
+   [839]-xrandr option to make x11vnc monitor XRANDR events and also trap
    X server errors if the screen change occurred in the middle of an X
    call like XGetImage. Once it traps the screen change it will create a
    new framebuffer using the new screen.
@@ -6648,9 +6653,9 @@ EndSection
    then the viewer will automatically resize. Otherwise, the new
    framebuffer is fit as best as possible into the original viewer size
    (portions of the screen may be clipped, unused, etc). For these
-   viewers you can try the [839]-padgeom option to make the region big
+   viewers you can try the [840]-padgeom option to make the region big
    enough to hold all resizes and rotations. We have fixed this problem
-   for the TightVNC Viewer on Unix: [840]SSVNC
+   for the TightVNC Viewer on Unix: [841]SSVNC
 
    If you specify "-xrandr newfbsize" then vnc viewers that do not
    support NewFBSize will be disconnected before the resize. If you
@@ -6662,7 +6667,7 @@ EndSection
    reflect the screen that the VNC viewers see? (e.g. for a handheld
    whose screen is rotated 90 degrees).
 
-   As of Jul/2006 there is the [841]-rotate option allow this. E.g's:
+   As of Jul/2006 there is the [842]-rotate option allow this. E.g's:
    "-rotate +90", "-rotate -90", "-rotate x", etc.
 
 
@@ -6727,13 +6732,13 @@ EndSection
 
    This may be a bug in kdesktop_lock. For now the only workaround is to
    disable the screensaver. You can try using another one such as
-   straight xscreensaver (see the instructions [842]here for how to
+   straight xscreensaver (see the instructions [843]here for how to
    disable kdesktop_lock). If you have more info on this or see it
    outside of KDE please let us know.
 
    Update: It appears this is due to kdesktop_lock enabling the screen
    saver when the Monitor is in DPMS low-power state (e.g. standby,
-   suspend, or off). In Nov/2006 the x11vnc [843]-nodpms option was added
+   suspend, or off). In Nov/2006 the x11vnc [844]-nodpms option was added
    as a workaround. Normally it is a good thing that the monitor powers
    down (since x11vnc can still poll the framebuffer in this state), but
    if you experience the kdesktop_lock problem you can specify the
@@ -6749,16 +6754,16 @@ EndSection
 
    This appears to be because the 3D OpenGL/GLX hardware screen updates
    do not get reported via the XDAMAGE mechanism. So this is a bug in
-   [844]beryl or XDAMAGE/Xorg or the (possibly 3rd party) video card
+   [845]beryl or XDAMAGE/Xorg or the (possibly 3rd party) video card
    driver.
 
-   As a workaround apply the [845]-noxdamage option. As of Feb/2007
+   As a workaround apply the [846]-noxdamage option. As of Feb/2007
    x11vnc will try to autodetect the problem and disable XDAMAGE if is
    appears to be missing a lot of updates. But if you know you are using
-   beryl you might as well always supply -noxdamage. Thanks to [846]this
+   beryl you might as well always supply -noxdamage. Thanks to [847]this
    user who reported the problem and discovered the workaround.
 
-   A developer for [847]MiniMyth reports that the 'alphapulse' tag of the
+   A developer for [848]MiniMyth reports that the 'alphapulse' tag of the
    theme G.A.N.T. can also cause problems, and should be avoided when
    using VNC.
 
@@ -6778,9 +6783,9 @@ EndSection
      * Fullscreen mode
 
    The way VMWare does Fullscreen mode on Linux is to display the Guest
-   desktop in a separate Virtual Console (e.g. VC 8) (see [848]this FAQ
+   desktop in a separate Virtual Console (e.g. VC 8) (see [849]this FAQ
    on VC's for background). Unfortunately, this Fullscreen VC is not an X
-   server. So x11vnc cannot access it (however, [849]see this discussion
+   server. So x11vnc cannot access it (however, [850]see this discussion
    of -rawfb for a possible workaround). x11vnc works fine with "Normal X
    application window" and "Quick-Switch mode" because these use X.
 
@@ -6801,13 +6806,13 @@ EndSection
    improve response. One can also cut the display depth (e.g. to 16bpp)
    in this 2nd X session to improve video performance. This 2nd X session
    emulates Fullscreen mode to some degree and can be viewed via x11vnc
-   as long as the VMWare X session [850]is in the active VC.
+   as long as the VMWare X session [851]is in the active VC.
 
    Also note that with a little bit of playing with "xwininfo -all
    -children" output one can extract the (non-toplevel) window-id of the
    of the Guest desktop only when VMWare is running as a normal X
    application. Then one can export just the guest desktop (i.e. without
-   the VMWare menu buttons) by use of the [851]-id windowid option. The
+   the VMWare menu buttons) by use of the [852]-id windowid option. The
    caveats are the X session VMWare is in must be in the active VC and
    the window must be fully visible, so this mode is not terribly
    convenient, but could be useful in some circumstances (e.g. running
@@ -6823,10 +6828,10 @@ EndSection
    controlled) via VNC with x11vnc?
 
    As of Apr/2005 there is support for this. Two options were added:
-   "[852]-rawfb string" (to indicate the raw frame buffer device, file,
-   etc. and its parameters) and "[853]-pipeinput command" (to provide an
+   "[853]-rawfb string" (to indicate the raw frame buffer device, file,
+   etc. and its parameters) and "[854]-pipeinput command" (to provide an
    external program that will inject or otherwise process mouse and
-   keystroke input). Some useful [854]-pipeinput schemes, VID, CONSOLE,
+   keystroke input). Some useful [855]-pipeinput schemes, VID, CONSOLE,
    and UINPUT, have since been built into x11vnc for convenience.
 
    This non-X mode for x11vnc is somewhat experimental because it is so
@@ -6864,9 +6869,9 @@ EndSection
    access method). Only use file if map isn't working. BTW, "mmap" is an
    alias for "map" and if you do not supply a type and the file exists,
    map is assumed (see the -help output and below for some exceptions to
-   this). The "snap:" setting applies the [855]-snapfb option with
+   this). The "snap:" setting applies the [856]-snapfb option with
    "file:" type reading (this is useful for exporting webcams or TV tuner
-   video; see [856]the next FAQ for more info).
+   video; see [857]the next FAQ for more info).
 
    Also, if the string is of the form "setup:cmd" then cmd is run and the
    first line of its output retrieved and used as the rawfb string. This
@@ -6910,7 +6915,7 @@ EndSection
    screen to either shm or a mapped file. The format of these is XWD and
    so the initial header should be skipped. BTW, since XWD is not
    strictly RGB the view will only be approximate, but usable. Of course
-   for the case of Xvfb x11vnc can poll it much better via the [857]X
+   for the case of Xvfb x11vnc can poll it much better via the [858]X
    API, but you get the idea.
 
    By default in -rawfb mode x11vnc will actually close any X display it
@@ -6939,13 +6944,13 @@ EndSection
    tty1-tty6), or X graphical display (usually starting at tty7). In
    addition to the text console other graphical ones may be viewed and
    interacted with as well, e.g. DirectFB or SVGAlib apps, VMWare non-X
-   fullscreen, or [858]Qt-embedded apps (PDAs/Handhelds). By default the
+   fullscreen, or [859]Qt-embedded apps (PDAs/Handhelds). By default the
    pipeinput mechanisms UINPUT and CONSOLE (keystrokes only) are
    automatically attempted in this mode under "-rawfb console".
 
    The Video4Linux Capture device, /dev/video0, etc is either a Webcam or
    a TV capture device and needs to have its driver enabled in the
-   kernel. See [859]this FAQ for details. If specified via "-rawfb Video"
+   kernel. See [860]this FAQ for details. If specified via "-rawfb Video"
    then the pipeinput method "VID" is applied (it lets you change video
    parameters dynamically via keystrokes).
 
@@ -6953,10 +6958,10 @@ EndSection
    also useful in testing.
 
 
-   All of the above [860]-rawfb options are just for viewing the raw
+   All of the above [861]-rawfb options are just for viewing the raw
    framebuffer (although some of the aliases do imply keystroke and mouse
    pipeinput methods). That may be enough for certain applications of
-   this feature (e.g. suppose a [861]video camera mapped its framebuffer
+   this feature (e.g. suppose a [862]video camera mapped its framebuffer
    into memory and you just wanted to look at it via VNC).
    To handle the pointer and keyboard input from the viewer users the
    "-pipeinput cmd" option was added to indicate a helper program to
@@ -6994,7 +6999,7 @@ EndSection
    keystrokes into the Linux console (e.g. the virtual consoles:
    /dev/tty1, /dev/tty2, etc) in x11vnc/misc/vcinject.pl. It is based on
    the vncterm/LinuxVNC.c program also in the libvncserver CVS. So to
-   view and interact with VC #2 (assuming it is the [862]active VC) one
+   view and interact with VC #2 (assuming it is the [863]active VC) one
    can run something like:
   x11vnc -rawfb map:/dev/fb0@1024x768x16 -pipeinput './vcinject.pl 2'
 
@@ -7049,7 +7054,7 @@ EndSection
    better to use the more accurate and faster LinuxVNC program. The
    advantage x11vnc -rawfb might have is that it can allow interaction
    with a non-text application, e.g. one based on SVGAlib or
-   [863]Qt-embedded Also, for example the [864]VMWare Fullscreen mode is
+   [864]Qt-embedded Also, for example the [865]VMWare Fullscreen mode is
    actually viewable under -rawfb and can be interacted with if uinput is
    enabled.
 
@@ -7069,9 +7074,9 @@ EndSection
    Q-109: Can I export via VNC a Webcam or TV tuner framebuffer using
    x11vnc?
 
-   Yes, this is possible to some degree with the [865]-rawfb option.
+   Yes, this is possible to some degree with the [866]-rawfb option.
    There is no X11 involved: snapshots from the video capture device are
-   used for the screen image data. See the [866]previous FAQ on -rawfb
+   used for the screen image data. See the [867]previous FAQ on -rawfb
    for background. For best results, use x11vnc version 0.8.1 or later.
 
    Roughly, one would do something like this:
@@ -7083,7 +7088,7 @@ EndSection
    snapshot to a file that you point -rawfb to; ask me if it is not clear
    what to do).
 
-   The "snap:" enforces [867]-snapfb mode which appears to be necessary.
+   The "snap:" enforces [868]-snapfb mode which appears to be necessary.
    The read pointer for video capture devices cannot be repositioned
    (which would be needed for scanline polling), but you can read a full
    frame of data from the device.
@@ -7105,7 +7110,7 @@ EndSection
 
    Many video4linux drivers tend to set the framebuffer to be 24bpp (as
    opposed to 32bpp). Since this can cause problems with VNC viewers,
-   etc, the [868]-24to32 option will be automatically imposed when in
+   etc, the [869]-24to32 option will be automatically imposed when in
    24bpp.
 
    Note that by its very nature, video capture involves rapid change in
@@ -7113,7 +7118,7 @@ EndSection
    wavering in brightness is always happening. This can lead to much
    network bandwidth consumption for the VNC traffic and also local CPU
    and I/O resource usage. You may want to experiment with "dialing down"
-   the framerate via the [869]-wait, [870]-slow_fb, or [871]-defer
+   the framerate via the [870]-wait, [871]-slow_fb, or [872]-defer
    options. Decreasing the window size and bpp also helps.
 
 
@@ -7202,7 +7207,7 @@ EndSection
          format to HI240, RGB565, RGB24, RGB32, RGB555, and
          GREY respectively. See -rawfb video for details.
 
-   See also the [872]-freqtab option to supply your own xawtv channel to
+   See also the [873]-freqtab option to supply your own xawtv channel to
    frequency mappings for your country (only ntsc-cable-us is built into
    x11vnc).
 
@@ -7211,7 +7216,7 @@ EndSection
    running on my handheld or PC using the Linux console framebuffer (i.e.
    not X11)?
 
-   Yes, the basic method for this is the [873]-rawfb scheme where the
+   Yes, the basic method for this is the [874]-rawfb scheme where the
    Linux console framebuffer (usually /dev/fb0) is polled and the uinput
    driver is used to inject keystrokes and mouse input. Often you will
    just have to type:
@@ -7224,7 +7229,7 @@ EndSection
   x11vnc -rawfb /dev/fb0@640x480x16
 
    Also, to force usage of the uinput injection method use "-pipeinput
-   UINPUT". See the [874]-pipeinput description for tunable parameters,
+   UINPUT". See the [875]-pipeinput description for tunable parameters,
    etc.
 
    One problem with the x11vnc uinput scheme is that it cannot guess the
@@ -7240,7 +7245,7 @@ EndSection
    Even with the correct acceleration setting there is still some drift
    (probably because of the mouse threshold where the acceleration kicks
    in) and so x11vnc needs to reposition the cursor from 0,0 about 5
-   times a second. See the [875]-pipeinput UINPUT option for tuning
+   times a second. See the [876]-pipeinput UINPUT option for tuning
    parameters that can be set (there are some experimental thresh=N
    tuning parameters as well)
 
@@ -7275,7 +7280,7 @@ EndSection
    Q-111: Now that non-X11 devices can be exported via VNC using x11vnc,
    can I build it with no dependencies on X11 header files and libraries?
 
-   Yes, as of Jul/2006 x11vnc enables building for [876]-rawfb only
+   Yes, as of Jul/2006 x11vnc enables building for [877]-rawfb only
    support. Just do something like when building:
   ./configure --without-x    (plus any other flags)
   make
@@ -7291,11 +7296,11 @@ EndSection
 
    Yes, since Nov/2006 in the development tree (x11vnc-0.8.4 tarball)
    there is support for native Mac OS X Aqua/Quartz displays using the
-   [877]-rawfb mechanism described above. The mouse and keyboard input is
+   [878]-rawfb mechanism described above. The mouse and keyboard input is
    achieved via Mac OS X API's.
 
-   So you can use x11vnc as an alternative to [878]OSXvnc (aka Vine
-   Server), or [879]Apple Remote Desktop (ARD). Perhaps there is some
+   So you can use x11vnc as an alternative to [879]OSXvnc (aka Vine
+   Server), or [880]Apple Remote Desktop (ARD). Perhaps there is some
    x11vnc feature you'd like to use on Mac OS X, etc. For a number of
    activities (e.g. window drags) it seems to be faster than OSXvnc.
 
@@ -7305,7 +7310,7 @@ EndSection
    (XDarwin) running on Mac OS X (people often install this software to
    display remote X11 apps on their Mac OS X system, or use some old
    favorites locally such as xterm). However in this case x11vnc will
-   only work reasonably in single window [880]-id windowid mode (and the
+   only work reasonably in single window [881]-id windowid mode (and the
    window may need to have mouse focus).
 
    If you do not have the DISPLAY env. variable set, x11vnc will assume
@@ -7323,9 +7328,9 @@ EndSection
    ./configure --without-x
    make
 
-   Win2VNC/x2vnc:  One handy use is to use the [881]-nofb mode to
+   Win2VNC/x2vnc:  One handy use is to use the [882]-nofb mode to
    redirect mouse and keyboard input to a nearby Mac (i.e. one to the
-   side of your desk) via [882]x2vnc or Win2VNC. See [883]this FAQ for
+   side of your desk) via [883]x2vnc or Win2VNC. See [884]this FAQ for
    more info.
 
    Options:  Here are the Mac OS X specific x11vnc options:
@@ -7399,13 +7404,13 @@ rm -f $tmp
    performance for the case of a large number of simultaneous VNC viewers
    (e.g. classroom broadcasting or a large demo)?
 
-   Yes, as of Feb/2007 there is the "[884]-reflect host:N" option to
+   Yes, as of Feb/2007 there is the "[885]-reflect host:N" option to
    connect to the VNC server "host:N" (either another x11vnc or any other
    VNC server) and re-export it. VNC viewers then connect to the
    x11vnc(s) running -reflect.
 
    The -reflect option is the same as: "-rawfb vnc:host:N". See the
-   [885]-rawfb description under "VNC HOST" for more details.
+   [886]-rawfb description under "VNC HOST" for more details.
 
    You can replace "host:N" with "listen" or "listen:port" for reverse
    connections.
@@ -7466,18 +7471,18 @@ rm -f $tmp
    re-exports via VNC to its clients C). However, CopyRect and
    CursorShape encodings are preserved in the reflection and that helps.
    Dragging windows with the mouse can be a problem (especially if S is
-   not doing wireframing somehow, consider [886]-nodragging if the
+   not doing wireframing somehow, consider [887]-nodragging if the
    problem is severe) For a really fast reflector/repeater it would have
    to be implemented from scratch with performance in mind. See these
    other projects:
-    [887]http://sourceforge.net/projects/vnc-reflector/,
-    [888]http://www.tightvnc.com/projector/                (closed source?),
+    [888]http://sourceforge.net/projects/vnc-reflector/,
+    [889]http://www.tightvnc.com/projector/                (closed source?),
 
 
    Automation via Reverse Connections:   Instead of having the R's
    connect directly to S and then the C's connect directly to the R they
    should use, some convenience can be achieved by using reverse
-   connections (the x11vnc "[889]"-connect host1,host2,..." option).
+   connections (the x11vnc "[890]"-connect host1,host2,..." option).
    Suppose all the clients "C" are started up in Listen mode:
     client1>  vncviewer -listen
     client2>  vncviewer -listen
@@ -7528,7 +7533,7 @@ rm -f $tmp
    If the Solaris install is an older X-based one, there will be a menu
    for you to get a terminal window. From that window you might be able
    to retrieve x11vnc.static via wget, scp, or ftp. Remember to do "chmod
-   755 ./x11vnc.static" and then find the -auth file as in [890]this FAQ.
+   755 ./x11vnc.static" and then find the -auth file as in [891]this FAQ.
 
    If it is a Linux install that uses an X server (e.g. SuSE and probably
    Fedora), then you can often get a shell by pressing Ctrl-Alt-F2 or
@@ -7537,7 +7542,7 @@ rm -f $tmp
    wget http://192.168.0.22/x11vnc.static
    chmod 755 ./x11vnc.static
 
-   Find the name of the auth file as in [891]this FAQ. (maybe run "ps
+   Find the name of the auth file as in [892]this FAQ. (maybe run "ps
    wwwwaux | grep auth"). Then run it like this:
    ./x11vnc.static -forever -nopw -display :0 -auth /tmp/wherever/the/authfile
 
@@ -7584,11 +7589,11 @@ rm -f $tmp
    As of Jan/2004 x11vnc supports the "CutText" part of the rfb protocol.
    Furthermore, x11vnc is able to hold the PRIMARY and CLIPBOARD
    selection (Xvnc does not seem to do this). If you don't want the
-   Clipboard/Selection exchanged use the [892]-nosel option. If you don't
+   Clipboard/Selection exchanged use the [893]-nosel option. If you don't
    want the PRIMARY selection to be polled for changes use the
-   [893]-noprimary option. (with a similar thing for CLIPBOARD). You can
-   also fine-tune it a bit with the [894]-seldir dir option and also
-   [895]-input.
+   [894]-noprimary option. (with a similar thing for CLIPBOARD). You can
+   also fine-tune it a bit with the [895]-seldir dir option and also
+   [896]-input.
 
    You may need to watch out for desktop utilities such as KDE's
    "Klipper" that do odd things with the selection, clipboard, and
@@ -7600,7 +7605,7 @@ rm -f $tmp
 
    Yes, it is possible with a number of tools that record VNC and
    transform it to swf format or others. One such popular tool is
-   [896]pyvnc2swf. There are a number of [897]tutorials on how to do
+   [897]pyvnc2swf. There are a number of [898]tutorials on how to do
    this. Another option is to use the vnc2mpg that comes in the
    LibVNCServer package.
    An important thing to remember when doing this is that tuning
@@ -7615,11 +7620,11 @@ rm -f $tmp
    (and Windows viewers only support filetransfer it appears... but they
    do work to some degree under Wine on Linux).
 
-   The [898]SSVNC Unix VNC viewer supports UltraVNC file transfer by use
+   The [899]SSVNC Unix VNC viewer supports UltraVNC file transfer by use
    of a Java helper program.
 
    TightVNC file transfer is off by default, if you want to enable it use
-   the [899]-tightfilexfer option.
+   the [900]-tightfilexfer option.
 
    UltraVNC file transfer is off by default, to enable it use something
    like "-rfbversion 3.6 -permitfiletransfer"
@@ -7642,7 +7647,7 @@ rm -f $tmp
    IMPORTANT: please understand if -ultrafilexfer or -tightfilexfer is
    specified and you run x11vnc as root for, say, inetd or display
    manager (gdm, kdm, ...) access and you do not have it switch users via
-   the [900]-users option, then VNC Viewers that connect are able to do
+   the [901]-users option, then VNC Viewers that connect are able to do
    filetransfer reads and writes as *root*.
 
    The UltraVNC and TightVNC settings can be toggled on and off inside
@@ -7661,7 +7666,7 @@ rm -f $tmp
    these extensions you will need to supply this option to x11vnc:
    -rfbversion 3.6
 
-   Or use [901]-ultrafilexfer which is an alias for the above option and
+   Or use [902]-ultrafilexfer which is an alias for the above option and
    "-permitfiletransfer". UltraVNC evidently treats any other RFB version
    number as non-UltraVNC.
 
@@ -7673,14 +7678,14 @@ rm -f $tmp
      * 1/n Server Scaling
      * rfbEncodingUltra compression encoding
 
-   The [902]SSVNC Unix VNC viewer supports these UltraVNC extensions.
+   The [903]SSVNC Unix VNC viewer supports these UltraVNC extensions.
 
-   To disable SingleWindow and ServerInput use [903]-noultraext (the
+   To disable SingleWindow and ServerInput use [904]-noultraext (the
    others are managed by LibVNCServer). See this option too:
-   [904]-noserverdpms.
+   [905]-noserverdpms.
 
-   Also, the [905]UltraVNC repeater proxy is supported for use with
-   reverse connections: "[906]-connect repeater://host:port+ID:NNNN". Use
+   Also, the [906]UltraVNC repeater proxy is supported for use with
+   reverse connections: "[907]-connect repeater://host:port+ID:NNNN". Use
    it for both plaintext and SSL connections. This mode can send any
    string before switching to the VNC protocol, and so could be used with
    other proxy/gateway tools.
@@ -7691,12 +7696,12 @@ rm -f $tmp
    reverse vnc connection from their Unix desktop to a helpdesk
    operator's VNC Viewer.
 
-   Yes, UltraVNC's [907]Single Click (SC) mode can be done fairly well on
+   Yes, UltraVNC's [908]Single Click (SC) mode can be done fairly well on
    Unix.
 
    We use the term "helpdesk" below, but it could be any sort of remote
    assistance you want to set up, e.g. something for Unix-using friends
-   or family to use. This includes [908]Mac OS X.
+   or family to use. This includes [909]Mac OS X.
 
    Assume you create a helpdesk directory "hd" on your website:
    http://www.mysite.com/hd (any website that you can upload files to
@@ -7752,7 +7757,7 @@ chmod 755 ./x11vnc                  # platform, use $webhost/`uname`/x11vnc
    So I guess this is about 3-4 clicks (start a terminal and paste) and
    pressing "Enter" instead of "single click"...
 
-   See [909]this page for some variations on this method, e.g. how to add
+   See [910]this page for some variations on this method, e.g. how to add
    a password, SSL Certificates, etc.
 
 
@@ -7764,11 +7769,11 @@ chmod 755 ./x11vnc                  # platform, use $webhost/`uname`/x11vnc
 
    A bit of obscurity security could be put in with a -passwd, -rfbauth
    options, etc. (note that x11vnc will require a password even for
-   reverse connections). More info [910]here.
+   reverse connections). More info [911]here.
 
 
    Firewalls: If the helpdesk (you) with the vncviewer is behind a
-   NAT/Firewall/Router the [911]router will have to be configured to
+   NAT/Firewall/Router the [912]router will have to be configured to
    redirect a port (i.e. 5500 or maybe different one if you like) to the
    vncviewer machine. If the vncviewer machine also has its own
    host-level firewall, you will have to open up the port there as well.
@@ -7778,7 +7783,7 @@ chmod 755 ./x11vnc                  # platform, use $webhost/`uname`/x11vnc
    configuring a router to do a port redirection (i.e. on your side, the
    HelpDesk). To avoid modifying either firewall/router, one would need
    some public (IP address reachable on the internet) redirection/proxy
-   service. Perhaps such a thing exists. [912]http://sc.uvnc.com provides
+   service. Perhaps such a thing exists. [913]http://sc.uvnc.com provides
    this service for their UltraVNC Single Click users.
 
 
@@ -7814,7 +7819,7 @@ chmod 755 ./x11vnc                  # platform, use $webhost/`uname`/x11vnc
 
    As of Apr/2007 x11vnc supports reverse connections in SSL and so we
    can do this. On the Helpdesk side (Viewer) you will need STUNNEL or
-   better use the [913]Enhanced TightVNC Viewer (SSVNC) package we
+   better use the [914]Enhanced TightVNC Viewer (SSVNC) package we
    provide that automates all of the SSL for you.
 
    To do this create a file named "vncs" in the website "hd" directory
@@ -7844,11 +7849,11 @@ chmod 755 ./x11vnc                  # platform, use $webhost/`uname`/x11vnc
 
    with the hostnames or IP addresses customized to your case.
 
-   The only change from the "vnc" above is the addition of the [914]-ssl
+   The only change from the "vnc" above is the addition of the [915]-ssl
    option to x11vnc. This will create a temporary SSL cert: openssl(1)
    will need to be installed on the user's end. A fixed SSL cert file
    could be used to avoid this (and provide some authentication; more
-   info [915]here.)
+   info [916]here.)
 
    The naive user will be doing this:
    wget -qO - http://www.mysite.com/hd/vncs | sh -
@@ -7857,7 +7862,7 @@ chmod 755 ./x11vnc                  # platform, use $webhost/`uname`/x11vnc
 
    But before that, the helpdesk operator needs to have "vncviewer
    -listen" running as before, however he needs an SSL tunnel at his end.
-   The easiest way to do this is use [916]Enhanced TightVNC Viewer
+   The easiest way to do this is use [917]Enhanced TightVNC Viewer
    (SSVNC). Start it, and select Options -> 'Reverse VNC Connection
    (-listen)'. Then UN-select 'Verify All Certs' (this can be enabled
    later if you want; you'll need the x11vnc SSL certificate), and click
@@ -7887,7 +7892,7 @@ connect = localhost:5501
 
    answer the prompts with whatever you want; you can take the default
    for all of them if you like. The openssl(1) package must be installed.
-   See [917]this link and [918]this one too for more info on SSL certs.
+   See [918]this link and [919]this one too for more info on SSL certs.
    This creates $HOME/.vnc/certs/server-self:mystunnel.pem, then you
    would change the "stunnel.cfg" to look something like:
 foreground = yes
@@ -7908,7 +7913,7 @@ connect = localhost:5501
    then all bets are off!.
 
    More SSL variations and info about certificates can be found
-   [919]here.
+   [920]here.
 
 
    OpenSSL libssl.so.0.9.7 problems:
@@ -7918,7 +7923,7 @@ connect = localhost:5501
    distros are currently a bit of a mess regarding which version of
    libssl is installed.
 
-   You will find the [920]details here.
+   You will find the [921]details here.
 
 
    Q-120: Can I (temporarily) mount my local (viewer-side) Windows/Samba
@@ -7927,7 +7932,7 @@ connect = localhost:5501
    You will have to use an external network redirection for this.
    Filesystem mounting is not part of the VNC protocol.
 
-   We show a simple [921]Samba example here.
+   We show a simple [922]Samba example here.
 
    First you will need a tunnel to redirect the SMB requests from the
    remote machine to the one you sitting at. We use an ssh tunnel:
@@ -7967,7 +7972,7 @@ d,ip=127.0.0.1,port=1139
   far-away> smbumount /home/fred/smb-haystack-pub
 
    At some point we hope to fold some automation for SMB ssh redir setup
-   into the [922]Enhanced TightVNC Viewer (SSVNC) package we provide (as
+   into the [923]Enhanced TightVNC Viewer (SSVNC) package we provide (as
    of Sep 2006 it is there for testing).
 
 
@@ -7977,7 +7982,7 @@ d,ip=127.0.0.1,port=1139
    You will have to use an external network redirection for this.
    Printing is not part of the VNC protocol.
 
-   We show a simple Unix to Unix [923]CUPS example here. Non-CUPS port
+   We show a simple Unix to Unix [924]CUPS example here. Non-CUPS port
    redirections (e.g. LPD) should also be possible, but may be a bit more
    tricky. If you are viewing on Windows SMB and don't have a local cups
    server it may be trickier still (see below).
@@ -8049,7 +8054,7 @@ d,ip=127.0.0.1,port=1139
    "localhost".
 
    At some point we hope to fold some automation for CUPS ssh redir setup
-   into the [924]Enhanced TightVNC Viewer (SSVNC) package we provide (as
+   into the [925]Enhanced TightVNC Viewer (SSVNC) package we provide (as
    of Sep 2006 it is there for testing).
 
 
@@ -8150,7 +8155,7 @@ or:
        the applications will fail to run because LD_PRELOAD will point to
        libraries of the wrong wordsize.
      * At some point we hope to fold some automation for esd or artsd ssh
-       redir setup into the [925]Enhanced TightVNC Viewer (SSVNC) package
+       redir setup into the [926]Enhanced TightVNC Viewer (SSVNC) package
        we provide (as of Sep/2006 it is there for testing).
 
 
@@ -8162,14 +8167,14 @@ or:
    in Solaris, see Xserver(1) for how to turn it on via +kb), and so you
    won't hear them if the extension is not present.
 
-   If you don't want to hear the beeps use the [926]-nobell option. If
+   If you don't want to hear the beeps use the [927]-nobell option. If
    you want to hear the audio from the remote applications, consider
-   trying a [927]redirector such as esd.
+   trying a [928]redirector such as esd.
 
 
    Q-124: Does x11vnc work with IPv6?
 
-   Currently the only way to do this is via [928]inetd. You configure
+   Currently the only way to do this is via [929]inetd. You configure
    x11vnc to be run from inetd or xinetd and instruct it to listen on an
    IPv6 address. For xinetd the setting "flags = IPv6" will be needed.
 
@@ -8178,7 +8183,7 @@ or:
    connection). Some sort of ipv4-to-ipv6 redirector tool (perhaps even a
    perl script) could be useful to avoid this.
 
-   Also note that not all VNC Viewers are [929]IPv6 enabled, so a
+   Also note that not all VNC Viewers are [930]IPv6 enabled, so a
    redirector could even be needed on the client side.
 
 
@@ -8977,155 +8982,156 @@ References
  778. http://www.karlrunge.com/x11vnc/index.html#faq-greaterless
  779. http://www.karlrunge.com/x11vnc/index.html#faq-xkbmodtweak
  780. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
- 781. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 782. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
- 783. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 781. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 782. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 783. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
  784. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
- 785. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 786. http://www.karlrunge.com/x11vnc/index.html#faq-xkbmodtweak
- 787. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
- 788. http://www.karlrunge.com/x11vnc/index.html#faq-greaterless
- 789. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 790. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
- 791. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
- 792. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 785. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
+ 786. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 787. http://www.karlrunge.com/x11vnc/index.html#faq-xkbmodtweak
+ 788. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard
+ 789. http://www.karlrunge.com/x11vnc/index.html#faq-greaterless
+ 790. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 791. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys
+ 792. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak
  793. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
- 794. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes
- 795. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 796. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
- 797. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 794. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb
+ 795. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes
+ 796. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 797. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
  798. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 799. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
- 800. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
+ 799. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 800. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms
  801. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
- 802. http://www.karlrunge.com/x11vnc/index.html#faq-display-manager
- 803. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods
- 804. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 805. http://www.karlrunge.com/x11vnc/index.html#faq-remap-capslock
- 806. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
- 807. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
- 808. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
- 809. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 802. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat
+ 803. http://www.karlrunge.com/x11vnc/index.html#faq-display-manager
+ 804. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods
+ 805. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 806. http://www.karlrunge.com/x11vnc/index.html#faq-remap-capslock
+ 807. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
+ 808. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
+ 809. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
  810. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 811. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
- 812. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 811. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 812. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
  813. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 814. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
- 815. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
- 816. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
- 817. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
- 818. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
- 819. http://www.karlrunge.com/x11vnc/index.html#faq-scaling
- 820. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
- 821. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html
- 822. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
- 823. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui
- 824. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 825. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor
- 826. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout
- 827. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
+ 814. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 815. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys
+ 816. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap
+ 817. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak
+ 818. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock
+ 819. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all
+ 820. http://www.karlrunge.com/x11vnc/index.html#faq-scaling
+ 821. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale
+ 822. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html
+ 823. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
+ 824. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui
+ 825. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 826. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor
+ 827. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout
  828. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
- 829. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
+ 829. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama
  830. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
- 831. http://www.karlrunge.com/x11vnc/index.html#faq-solshm
- 832. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
- 833. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
- 834. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip
- 835. http://www.karlrunge.com/x11vnc/index.html#faq-xinerama
- 836. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 831. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer
+ 832. http://www.karlrunge.com/x11vnc/index.html#faq-solshm
+ 833. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile
+ 834. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm
+ 835. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip
+ 836. http://www.karlrunge.com/x11vnc/index.html#faq-xinerama
  837. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 838. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr
- 839. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom
- 840. http://www.karlrunge.com/x11vnc/ssvnc.html
- 841. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate
- 842. http://www.jwz.org/xscreensaver/man1.html
- 843. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms
- 844. http://www.beryl-project.org/
- 845. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
- 846. http://www.dslinux.org/blogs/pepsiman/?p=73
- 847. http://linpvr.org/minimyth/
- 848. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
- 849. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb
- 850. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
- 851. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 852. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 853. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
+ 838. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 839. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr
+ 840. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom
+ 841. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 842. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate
+ 843. http://www.jwz.org/xscreensaver/man1.html
+ 844. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms
+ 845. http://www.beryl-project.org/
+ 846. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage
+ 847. http://www.dslinux.org/blogs/pepsiman/?p=73
+ 848. http://linpvr.org/minimyth/
+ 849. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
+ 850. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb
+ 851. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
+ 852. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 853. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
  854. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
- 855. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
- 856. http://www.karlrunge.com/x11vnc/index.html#faq-video
- 857. http://www.karlrunge.com/x11vnc/index.html#faq-xvfb
- 858. http://www.karlrunge.com/x11vnc/index.html#faq-qt-embedded
- 859. http://www.karlrunge.com/x11vnc/index.html#faq-video
- 860. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 861. http://www.karlrunge.com/x11vnc/index.html#faq-video
- 862. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
- 863. http://www.karlrunge.com/x11vnc/index.html#faq-qt-embedded
- 864. http://www.karlrunge.com/x11vnc/index.html#faq-vmware
- 865. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 866. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb
- 867. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
- 868. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32
- 869. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
- 870. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb
- 871. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
- 872. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab
- 873. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb
- 874. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
+ 855. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
+ 856. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
+ 857. http://www.karlrunge.com/x11vnc/index.html#faq-video
+ 858. http://www.karlrunge.com/x11vnc/index.html#faq-xvfb
+ 859. http://www.karlrunge.com/x11vnc/index.html#faq-qt-embedded
+ 860. http://www.karlrunge.com/x11vnc/index.html#faq-video
+ 861. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 862. http://www.karlrunge.com/x11vnc/index.html#faq-video
+ 863. http://www.karlrunge.com/x11vnc/index.html#faq-linuxvc
+ 864. http://www.karlrunge.com/x11vnc/index.html#faq-qt-embedded
+ 865. http://www.karlrunge.com/x11vnc/index.html#faq-vmware
+ 866. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 867. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb
+ 868. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb
+ 869. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32
+ 870. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait
+ 871. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb
+ 872. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer
+ 873. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab
+ 874. http://www.karlrunge.com/x11vnc/index.html#faq-rawfb
  875. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
- 876. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 876. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput
  877. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 878. http://www.redstonesoftware.com/vnc.html
- 879. http://www.apple.com/remotedesktop/
- 880. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 878. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 879. http://www.redstonesoftware.com/vnc.html
+ 880. http://www.apple.com/remotedesktop/
  881. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
- 882. http://fredrik.hubbe.net/x2vnc.html
- 883. http://www.karlrunge.com/x11vnc/index.html#faq-win2vnc
- 884. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
- 885. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
- 886. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
- 887. http://sourceforge.net/projects/vnc-reflector/
- 888. http://www.tightvnc.com/projector/
- 889. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 890. http://www.karlrunge.com/x11vnc/index.html#faq-display-manager
+ 882. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id
+ 883. http://fredrik.hubbe.net/x2vnc.html
+ 884. http://www.karlrunge.com/x11vnc/index.html#faq-win2vnc
+ 885. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect
+ 886. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb
+ 887. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging
+ 888. http://sourceforge.net/projects/vnc-reflector/
+ 889. http://www.tightvnc.com/projector/
+ 890. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
  891. http://www.karlrunge.com/x11vnc/index.html#faq-display-manager
- 892. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
- 893. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary
- 894. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir
- 895. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input
- 896. http://www.unixuser.org/~euske/vnc2swf/
- 897. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/
- 898. http://www.karlrunge.com/x11vnc/ssvnc.html
- 899. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer
- 900. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
- 901. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
- 902. http://www.karlrunge.com/x11vnc/ssvnc.html
- 903. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext
- 904. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
- 905. http://www.uvnc.com/addons/repeater.html
- 906. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
- 907. http://www.uvnc.com/addons/singleclick.html
- 908. http://www.karlrunge.com/x11vnc/index.html#faq-macosx
- 909. http://www.karlrunge.com/x11vnc/single-click.html
+ 892. http://www.karlrunge.com/x11vnc/index.html#faq-display-manager
+ 893. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel
+ 894. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary
+ 895. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir
+ 896. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input
+ 897. http://www.unixuser.org/~euske/vnc2swf/
+ 898. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/
+ 899. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 900. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer
+ 901. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users
+ 902. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer
+ 903. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 904. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext
+ 905. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms
+ 906. http://www.uvnc.com/addons/repeater.html
+ 907. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect
+ 908. http://www.uvnc.com/addons/singleclick.html
+ 909. http://www.karlrunge.com/x11vnc/index.html#faq-macosx
  910. http://www.karlrunge.com/x11vnc/single-click.html
- 911. http://www.karlrunge.com/x11vnc/index.html#firewalls
- 912. http://sc.uvnc.com/
- 913. http://www.karlrunge.com/x11vnc/ssvnc.html
- 914. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
- 915. http://www.karlrunge.com/x11vnc/single-click.html
- 916. http://www.karlrunge.com/x11vnc/ssvnc.html
- 917. http://www.karlrunge.com/x11vnc/single-click.html
- 918. http://www.karlrunge.com/x11vnc/ssl.html
- 919. http://www.karlrunge.com/x11vnc/single-click.html
- 920. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems
- 921. http://www.samba.org/
- 922. http://www.karlrunge.com/x11vnc/ssvnc.html
- 923. http://www.cups.org/
- 924. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 911. http://www.karlrunge.com/x11vnc/single-click.html
+ 912. http://www.karlrunge.com/x11vnc/index.html#firewalls
+ 913. http://sc.uvnc.com/
+ 914. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 915. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl
+ 916. http://www.karlrunge.com/x11vnc/single-click.html
+ 917. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 918. http://www.karlrunge.com/x11vnc/single-click.html
+ 919. http://www.karlrunge.com/x11vnc/ssl.html
+ 920. http://www.karlrunge.com/x11vnc/single-click.html
+ 921. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems
+ 922. http://www.samba.org/
+ 923. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 924. http://www.cups.org/
  925. http://www.karlrunge.com/x11vnc/ssvnc.html
- 926. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
- 927. http://www.karlrunge.com/x11vnc/index.html#faq-sound
- 928. http://www.karlrunge.com/x11vnc/index.html#faq-inetd
- 929. http://jungla.dit.upm.es/~acosta/paginas/vncIPv6.html
+ 926. http://www.karlrunge.com/x11vnc/ssvnc.html
+ 927. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell
+ 928. http://www.karlrunge.com/x11vnc/index.html#faq-sound
+ 929. http://www.karlrunge.com/x11vnc/index.html#faq-inetd
+ 930. http://jungla.dit.upm.es/~acosta/paginas/vncIPv6.html
 	
 =======================================================================
 http://www.karlrunge.com/x11vnc/chainingssh.html:
@@ -10939,12 +10945,12 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
 
    The package provides a GUI for Windows, Mac OS X, and Unix that
    automatically starts up an STUNNEL SSL tunnel for SSL or ssh for SSH
-   connections to [5]x11vnc or any other VNC server, and then launches
+   connections to [5]x11vnc (or any other VNC server), and then launches
    the VNC Viewer to use the encrypted tunnel.
 
    SSL encrypted VNC connections to any VNC Server will work if they are
-   running an SSL tunnel, such as STUNNEL, at their end. SSVNC can be
-   used to perform SSH tunnelled connections to any VNC Server.
+   running an SSL tunnel, such as STUNNEL, at their end; and SSH tunnels
+   will work to any VNC Server host running sshd that you can log into.
 
    The Enhanced TightVNC Viewer package started as a project to add some
    patches to the long neglected Unix TightVNC Viewer. However, now the
@@ -10964,7 +10970,9 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
    [8]USB memory stick / flash drive for secure VNC viewing from almost
    any machine, Unix, Mac OS X, and Windows (and if you create a
    directory named "Home" in the toplevel ssvnc directory on the drive
-   your VNC profiles and certs will be kept there as well).
+   your VNC profiles and certs will be kept there as well). For Unix,
+   there is also a [9]conventional source tarball to build and install in
+   the normal way and not use a pre-built bundle.
 
      _________________________________________________________________
 
@@ -10975,11 +10983,11 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
    then those keys are likely extremely weak and can be easily cracked.
    The certificate files should be deleted and recreated on a non-Debian
    system or an updated one. See
-   [9]http://www.debian.org/security/2008/dsa-1571 for details. The same
+   [10]http://www.debian.org/security/2008/dsa-1571 for details. The same
    applies to SSH keys.
 
    Please read this information on using SSVNC on workstations with
-   [10]Untrusted Local Users.
+   [11]Untrusted Local Users.
 
      _________________________________________________________________
 
@@ -10991,7 +10999,7 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
      * Ability to Save and Load VNC profiles for different hosts.
      * Create or Import SSL Certificates and Private Keys.
      * Reverse (viewer listening) VNC connections via SSL and SSH.
-     * Support for Web [11]Proxies, SOCKS Proxies, and the [12]UltraVNC
+     * Support for Web [12]Proxies, SOCKS Proxies, and the [13]UltraVNC
        repeater proxy (e.g. repeater://host:port+ID:1234). Multiple
        proxies may be chained together (3 max).
      * Support for SSH Gateway connections and non-standard SSH ports.
@@ -11007,20 +11015,20 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
      * Support for native MacOS X usage with bundled Chicken of the VNC
        viewer (the Unix X11 viewer is also provided for MacOS X, and is
        better IMHO).
-     * [13]Dynamic VNC Server Port determination and redirection (using
+     * [14]Dynamic VNC Server Port determination and redirection (using
        ssh's builtin SOCKS proxy, ssh -D) for servers like x11vnc that
        print out PORT= at startup.
      * Unix Username and Password entry for use with "x11vnc -unixpw"
        type login dialogs.
-     * Simplified mode launched by command "[14]sshvnc" that is SSH Only.
-     * Simplified mode launched by command "[15]tsvnc" that provides a
+     * Simplified mode launched by command "[15]sshvnc" that is SSH Only.
+     * Simplified mode launched by command "[16]tsvnc" that provides a
        VNC "Terminal Services" mode (uses x11vnc on the remote side).
 
-   [16]Unix TightVNC Viewer improvements (these only apply to the Unix
+   [17]Unix TightVNC Viewer improvements (these only apply to the Unix
    VNC viewer):
      * rfbNewFBSize VNC support (dynamic screen resizing)
      * ZRLE VNC encoding support (RealVNC's encoding)
-     * Cursor [17]alphablending with x11vnc at 32bpp (-alpha option)
+     * Cursor [18]alphablending with x11vnc at 32bpp (-alpha option)
      * Option "-unixpw ..." for use with "x11vnc -unixpw" type login
        dialogs.
      * Support for UltraVNC extensions: 1/n Server side scaling, Text
@@ -11029,10 +11037,12 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
      * UltraVNC File Transfer via an auxiliary Java helper program (java
        must be in $PATH). Note that x11vnc supports UltraVNC file
        transfer.
-     * Connection support for the [18]UltraVNC repeater proxy (-repeater
+     * Connection support for the [19]UltraVNC repeater proxy (-repeater
        option).
-     * Support for UltraVNC [19]Single Click operation. (both
+     * Support for UltraVNC [20]Single Click operation. (both
        unencrypted: SC I, and SSL encrypted: SC III)
+     * Support for UltraVNC [21]DSM Encryption Plugin mode. (ARC4 and
+       AESV2, but not MSRC4 yet)
      * Instead of hostname:display one can also supply "exec=command
        args..." to connect the viewer to the stdio of an external command
        (e.g. stunnel or socat) rather than using a TCP/IP socket. Unix
@@ -11041,14 +11051,14 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
        (-use64/-bgr222, -use8/-bgr111)
      * Medium color mode: 16bpp mode on a 32bpp Viewer display
        (-16bpp/-bgr565)
-     * For use with x11vnc's [20]client-side caching -ncache method use
+     * For use with x11vnc's [22]client-side caching -ncache method use
        the cropping option -ycrop n. This will "hide" the large pixel
        buffer cache below the actual display. Set to the actual height or
        use -1 for autodetection (also, tall screens, H > 2*W, are
        autodetected by default).
      * Scrollbar width setting: -sbwidth n, the default is very thin, 2
        pixels, for less distracting -ycrop usage.
-     * Improvements to the [21]Popup menu, all of these can now be
+     * Improvements to the [23]Popup menu, all of these can now be
        changed dynamically via the menu: ViewOnly, Toggle Bell,
        CursorShape updates, X11 Cursor, Cursor Alphablending, Toggle
        Tight/ZRLE, Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors),
@@ -11075,6 +11085,8 @@ Enhanced TightVNC Viewer   (SSVNC:   SSL/SSH VNC viewer)
    These are all self-contained in the bundle directory: they will not be
    installed on your system. Just un-zip or un-tar the file you
    downloaded and run the frontend ssvnc straight from its directory.
+   Alternatively, on Unix you can use the [24]conventional source
+   tarball.
 
    Here is the Quick Start info from the README for how to do that:
 Quick Start:
@@ -11181,6 +11193,9 @@ Windows:
 
      _________________________________________________________________
 
+   You can read all of the SSVNC GUI's [25]Online Help Text here.
+     _________________________________________________________________
+
    The bundle unpacks a directory/folder named: ssvnc. It contains these
    programs to launch the GUI:
         Windows/ssvnc.exe        for Windows
@@ -11190,14 +11205,14 @@ Windows:
    (the Mac OS X and Unix launchers are simply links to the bin
    directory). See the README for more information.
 
-   The [22]SSH-Only mode launcher program has name sshvnc. The
-   [23]Terminal Services mode launcher program (assumes x11vnc 0.8.4 or
+   The [26]SSH-Only mode launcher program has name sshvnc. The
+   [27]Terminal Services mode launcher program (assumes x11vnc 0.8.4 or
    later and Xvfb installed on the server machine) has name tsvnc.
 
    The Viewer SSL support is done via a wrapper script (bin/ssvnc_cmd
    that calls bin/util/ss_vncviewer) that starts up the STUNNEL tunnel
    first and then starts the TightVNC viewer pointed at that tunnel. The
-   bin/ssvnc program is a GUI front-end to that script. See [24]this FAQ
+   bin/ssvnc program is a GUI front-end to that script. See [28]this FAQ
    for more details on SSL tunnelling. In SSH connection mode, the
    wrappers start up SSH appropriately.
 
@@ -11244,7 +11259,7 @@ start \ssvnc\Windows\ssvnc.exe
    switch from the regular SSVNC mode, click "Terminal Services" under
    Options.
 
-   This mode requires [25]x11vnc (0.9.3 or later) installed on the remote
+   This mode requires [29]x11vnc (0.9.3 or later) installed on the remote
    machine to find, create, and manage the user sessions. SSH is used to
    create the encrypted and authenticated tunnel. The Xvfb (virtual
    framebuffer X server) program must also be installed on the remote
@@ -11262,7 +11277,7 @@ start \ssvnc\Windows\ssvnc.exe
    press "Connect").
 
    Normally the Terminal Services sessions created are virtual (RAM-only)
-   ones (e.g. Xvfb, [26]Xdummy, or Xvnc), however a nice feature is if
+   ones (e.g. Xvfb, [30]Xdummy, or Xvnc), however a nice feature is if
    you have a regular X session (i.e displaying on the physical hardware)
    on the remote machine that you are ALREADY logged into, then the
    x11vnc run from tsvnc will find it for you as well.
@@ -11283,7 +11298,7 @@ start \ssvnc\Windows\ssvnc.exe
    Proxies: Web proxies, SOCKS proxies, and the UltraVNC repeater proxy
    are supported to allow the SSVNC connection to go through the proxy to
    the otherwise unreachable VNC Server. SSH gateway machines can be used
-   in the same way. Read [27]more about SSVNC proxy support here.
+   in the same way. Read [31]more about SSVNC proxy support here.
 
 
    Dynamic VNC Server Port determination: If you are running SSVNC on
@@ -11310,7 +11325,7 @@ or:     PORT= vncserver :4; sleep 15
    sessions if called repeatedly.
 
    If you use PORT= on Windows, a large random port is selected instead
-   and the [28]-rfbport option is passed to x11vnc (it does not work with
+   and the [32]-rfbport option is passed to x11vnc (it does not work with
    vncserver).
 
 
@@ -11321,7 +11336,7 @@ or:     PORT= vncserver :4; sleep 15
    resize when the server does (e.g. "x11vnc -R scale=3/4" remote control
    command).
 
-   The cursor alphablending is [29]described here.
+   The cursor alphablending is [33]described here.
 
    The RealVNC ZRLE encoding is supported, in addition to some low colors
    modes (16bpp and 8bpp at 256, 64, and even 8 colors, for use on very
@@ -11331,7 +11346,7 @@ or:     PORT= vncserver :4; sleep 15
    The Popup menu (F8) is enhanced with the ability to change many things
    on the fly. F9 is added as a shortcut to toggle FullScreen mode.
 
-   Client Side Caching: The x11vnc [30]client-side caching is handled
+   Client Side Caching: The x11vnc [34]client-side caching is handled
    nicely by this viewer. The very large pixel cache below the actual
    display in this caching method is distracting. Our Unix VNC viewer
    will automatically try to autodetect the actual display height if the
@@ -11344,7 +11359,7 @@ or:     PORT= vncserver :4; sleep 15
    scrollbars are set to be very thin (2 pixels) to be less distracting.
    Use the -sbwidth n to make them wider.
 
-   Probably nobody is interested in the [31]grabserver patch for old
+   Probably nobody is interested in the [35]grabserver patch for old
    window managers when the viewer is in fullscreen mode... This and some
    other unfixed bugs have been fixed in our patches (fullscreen toggle
    works with KDE, -x11cursor has been fixed, and the dot cursor has been
@@ -11395,6 +11410,9 @@ Enhanced TightVNC viewer (SSVNC) options:
 
    Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1
          to allow more than one incoming VNC server at a time.
+         This is the same as -multilisten described below.  Set
+         SSVNC_MULTIPLE_LISTEN=MAX:n to allow no more than "n"
+         simultaneous reverse connections.
 
    Note: If the host:port is specified as "exec=command args..."
          then instead of making a TCP/IP socket connection to the
@@ -11407,6 +11425,12 @@ Enhanced TightVNC viewer (SSVNC) options:
    Note: If the host:port contains a '/' it is interpreted as a
          unix-domain socket (AF_LOCAL insead of AF_INET)
 
+        -multilisten  As in -listen (reverse connection listening) except
+                    allow more than one incoming VNC server to be connected
+                    at a time.  The default for -listen of only one at a
+                    time tries to play it safe by not allowing anyone on
+                    the network to put (many) desktops on your screen over
+                    a long window of time. Use -multilisten for no limit.
 
         -use64      In -bgr233 mode, use 64 colors instead of 256.
         -bgr222     Same as -use64.
@@ -11507,9 +11531,38 @@ Enhanced TightVNC viewer (SSVNC) options:
                     using -repeater, the host:dpy on the cmdline is the repeate
 r
                     server, NOT the VNC server.  The repeater will connect you.
+
                     Example: vncviewer ... -repeater ID:3333 repeat.host:5900
                     Example: vncviewer ... -repeater vhost:0 repeat.host:5900
 
+                    Use, e.g., '-repeater SCIII=ID:3210' if the repeater is a
+                    Single Click III (SSL) repeater (repeater_SSL.exe) and you
+                    are passing the SSL part of the connection through stunnel,
+                    socat, etc. This way the magic UltraVNC string 'testB' need
+ed
+                    to work with the repeater is sent to it.
+
+     -rfbversion str Set the advertised RFB version to str. e.g.: -rfbversion 3
+.6
+                    For some servers, e.g. UltraVNC this needs to be done.
+
+     -ultradsm      UltraVNC has symmetric private encryption DSM plugins.  See
+                    http://www.uvnc.com/features/encryption.html.  It is assume
+d
+                    you are using a unix program (e.g. our ultravnc_dsm_helper)
+ to
+                    encrypt and decrypt the UltraVNC DSM stream.  IN ADDITION T
+O
+                    THAT supply -ultradsm to tell THIS viewer to modify the RFB
+                    data sent so as to work with the UltraVNC Server.  For some
+                    reason, each RFB message type must be sent twice under DSM.
+
+     -env VAR=VALUE To save writing a shell script to set environment variables
+,
+                    specify as many as you need on the command line.  For examp
+le,
+                    -env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi
+
      -printres      Print out the Ssvnc X resources (appdefaults) and then exit
                     You can save them to a file and customize them (e.g. the
                     keybindings and Popup menu)  Then point to the file via
@@ -11573,7 +11626,7 @@ r
      _________________________________________________________________
 
    Hopefully this tool will make it convenient for people to help test
-   and use the [32]built-in SSL support in x11vnc. Extra testing of this
+   and use the [36]built-in SSL support in x11vnc. Extra testing of this
    feature is much appreciated!! Thanks.
 
    Please Help Test the newly added features:
@@ -11586,34 +11639,34 @@ r
    Server machine, and to mount your local Windows or Samba shares on the
    remote VNC Server machine. Basically these new features try to
    automate the tricks described here:
-    [33]http://www.karlrunge.com/x11vnc/#faq-smb-shares
-    [34]http://www.karlrunge.com/x11vnc/#faq-cups
-    [35]http://www.karlrunge.com/x11vnc/#faq-sound
+    [37]http://www.karlrunge.com/x11vnc/#faq-smb-shares
+    [38]http://www.karlrunge.com/x11vnc/#faq-cups
+    [39]http://www.karlrunge.com/x11vnc/#faq-sound
      _________________________________________________________________
 
    Downloading: This project can be downloaded here, choose the archive
    file bundle that best suits you (e.g. no source code, windows only,
    unix only, zip, tar etc):
-  [36]ssvnc_windows_only-1.0.20.zip      Windows Binaries Only.  No source incl
+  [40]ssvnc_windows_only-1.0.20.zip      Windows Binaries Only.  No source incl
 uded (~6MB)
-  [37]ssvnc_no_windows-1.0.20.tar.gz     Unix and Mac OS X Only. No Windows bin
+  [41]ssvnc_no_windows-1.0.20.tar.gz     Unix and Mac OS X Only. No Windows bin
 aries.  Source included. (~6MB)
-  [38]ssvnc_unix_only-1.0.20.tar.gz      Unix Binaries Only.     No source incl
+  [42]ssvnc_unix_only-1.0.20.tar.gz      Unix Binaries Only.     No source incl
 uded. (~3.5MB)
-  [39]ssvnc_unix_minimal-1.0.20.tar.gz   Unix Minimal.  You must supply your ow
+  [43]ssvnc_unix_minimal-1.0.20.tar.gz   Unix Minimal.  You must supply your ow
 n vncviewer and stunnel. (~0.1MB)
 
-  [40]ssvnc-1.0.20.tar.gz                All Unix, Mac OS X, and Windows binari
+  [44]ssvnc-1.0.20.tar.gz                All Unix, Mac OS X, and Windows binari
 es and source TGZ. (~11MB)
-  [41]ssvnc-1.0.20.zip                   All Unix, Mac OS X, and Windows binari
+  [45]ssvnc-1.0.20.zip                   All Unix, Mac OS X, and Windows binari
 es and source ZIP. (~11MB)
-  [42]ssvnc_all-1.0.20.zip               All Unix, Mac OS X, and Windows binari
+  [46]ssvnc_all-1.0.20.zip               All Unix, Mac OS X, and Windows binari
 es and source AND full archives in the zip dir. (~15MB)
 
    You can try for an older one by replacing, e.g. ".20" by ".19", etc.
 
    Here is a conventional source tarball:
-  [43]ssvnc-1.0.20.src.tar.gz            Conventional Source for Unix VNCviewer
+  [47]ssvnc-1.0.20.src.tar.gz            Conventional Source for Unix VNCviewer
   (~0.4MB)
 
    it will be of use to those who do not want the SSVNC
@@ -11621,7 +11674,7 @@ es and source AND full archives in the zip dir. (~15MB)
    will find this more familiar and useful to them (i.e. they run: "make
    config; make all; make install"). Note that it does not include the
    stunnel source, and so has a dependency that the system stunnel is
-   installed. Read the [44]README.src file for more information on using
+   installed. Read the [48]README.src file for more information on using
    the source tarball.
 
    Here are the corresponding development bundles:
@@ -11632,7 +11685,7 @@ es and source AND full archives in the zip dir. (~15MB)
    VNC viewer! Let us know how it went.
 
    A self-extracting and running file for the "ssvnc_unix_minimal"
-   package is here: [45]ssvnc. Save it as filename "ssvnc", type "chmod
+   package is here: [49]ssvnc. Save it as filename "ssvnc", type "chmod
    755 ./ssvnc", and then launch the GUI via typing "./ssvnc". Note that
    this "ssvnc_unix_minimal" mode requires you install the "stunnel" and
    "vncviewer" programs externally (for example, install your distros'
@@ -11673,16 +11726,16 @@ es and source AND full archives in the zip dir. (~15MB)
    redistribute the above because of cryptographic software they contain
    or for other reasons. Please check out your situation and information
    at the following and related sites:
-        [46]http://www.stunnel.org
-        [47]http://stunnel.mirt.net
-        [48]http://www.openssl.org
-        [49]http://www.chiark.greenend.org.uk/~sgtatham/putty/
-        [50]http://www.tightvnc.com
-        [51]http://www.realvnc.com
-        [52]http://sourceforge.net/projects/cotvnc/
+        [50]http://www.stunnel.org
+        [51]http://stunnel.mirt.net
+        [52]http://www.openssl.org
+        [53]http://www.chiark.greenend.org.uk/~sgtatham/putty/
+        [54]http://www.tightvnc.com
+        [55]http://www.realvnc.com
+        [56]http://sourceforge.net/projects/cotvnc/
      _________________________________________________________________
 
-   README: Here is the toplevel [53]README from the bundle.
+   README: Here is the toplevel [57]README from the bundle.
 
 References
 
@@ -11694,51 +11747,55 @@ References
    6. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc
    7. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc
    8. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#memory-stick
-   9. http://www.debian.org/security/2008/dsa-1571
-  10. http://www.karlrunge.com/x11vnc/ssvnc_untrusted_local_users.html
-  11. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html
-  12. http://www.uvnc.com/addons/repeater.html
-  13. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#dynamic-port
-  14. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc
-  15. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc
-  16. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#unix-patches
-  17. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks
-  18. http://www.uvnc.com/addons/repeater.html
-  19. http://www.uvnc.com/addons/singleclick.html
-  20. http://www.karlrunge.com/x11vnc/index.html#faq-client-caching
-  21. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#popup
-  22. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc
-  23. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc
-  24. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-ext
-  25. http://www.karlrunge.com/x11vnc/index.html
-  26. http://www.karlrunge.com/x11vnc/index.html#faq-xvfb
-  27. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html
-  28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
-  29. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks
-  30. http://www.karlrunge.com/x11vnc/index.html#faq-client-caching
-  31. http://www.karlrunge.com/x11vnc/index.html#faq-scrollbars
-  32. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int
-  33. http://www.karlrunge.com/x11vnc/index.html#faq-smb-shares
-  34. http://www.karlrunge.com/x11vnc/index.html#faq-cups
-  35. http://www.karlrunge.com/x11vnc/index.html#faq-sound
-  36. http://www.karlrunge.com/x11vnc/etv/ssvnc_windows_only-1.0.20.zip
-  37. http://www.karlrunge.com/x11vnc/etv/ssvnc_no_windows-1.0.20.tar.gz
-  38. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_only-1.0.20.tar.gz
-  39. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_minimal-1.0.20.tar.gz
-  40. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.20.tar.gz
-  41. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.20.zip
-  42. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.20.zip
-  43. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.20.src.tar.gz
-  44. http://www.karlrunge.com/x11vnc/etv/README.src.txt
-  45. http://www.karlrunge.com/x11vnc/etv/ssvnc
-  46. http://www.stunnel.org/
-  47. http://stunnel.mirt.net/
-  48. http://www.openssl.org/
-  49. http://www.chiark.greenend.org.uk/~sgtatham/putty/
-  50. http://www.tightvnc.com/
-  51. http://www.realvnc.com/
-  52. http://sourceforge.net/projects/cotvnc/
-  53. http://www.karlrunge.com/x11vnc/README.ssvnc.html
+   9. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#source
+  10. http://www.debian.org/security/2008/dsa-1571
+  11. http://www.karlrunge.com/x11vnc/ssvnc_untrusted_local_users.html
+  12. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html
+  13. http://www.uvnc.com/addons/repeater.html
+  14. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#dynamic-port
+  15. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc
+  16. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc
+  17. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#unix-patches
+  18. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks
+  19. http://www.uvnc.com/addons/repeater.html
+  20. http://www.uvnc.com/addons/singleclick.html
+  21. http://www.uvnc.com/features/encryption.html
+  22. http://www.karlrunge.com/x11vnc/index.html#faq-client-caching
+  23. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#popup
+  24. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#source
+  25. http://www.karlrunge.com/x11vnc/ssvnc_help.html
+  26. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc
+  27. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc
+  28. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-ext
+  29. http://www.karlrunge.com/x11vnc/index.html
+  30. http://www.karlrunge.com/x11vnc/index.html#faq-xvfb
+  31. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html
+  32. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport
+  33. http://www.karlrunge.com/x11vnc/index.html#faq-xfixes-alpha-hacks
+  34. http://www.karlrunge.com/x11vnc/index.html#faq-client-caching
+  35. http://www.karlrunge.com/x11vnc/index.html#faq-scrollbars
+  36. http://www.karlrunge.com/x11vnc/index.html#faq-ssl-tunnel-int
+  37. http://www.karlrunge.com/x11vnc/index.html#faq-smb-shares
+  38. http://www.karlrunge.com/x11vnc/index.html#faq-cups
+  39. http://www.karlrunge.com/x11vnc/index.html#faq-sound
+  40. http://www.karlrunge.com/x11vnc/etv/ssvnc_windows_only-1.0.20.zip
+  41. http://www.karlrunge.com/x11vnc/etv/ssvnc_no_windows-1.0.20.tar.gz
+  42. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_only-1.0.20.tar.gz
+  43. http://www.karlrunge.com/x11vnc/etv/ssvnc_unix_minimal-1.0.20.tar.gz
+  44. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.20.tar.gz
+  45. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.20.zip
+  46. http://www.karlrunge.com/x11vnc/etv/ssvnc_all-1.0.20.zip
+  47. http://www.karlrunge.com/x11vnc/etv/ssvnc-1.0.20.src.tar.gz
+  48. http://www.karlrunge.com/x11vnc/etv/README.src.txt
+  49. http://www.karlrunge.com/x11vnc/etv/ssvnc
+  50. http://www.stunnel.org/
+  51. http://stunnel.mirt.net/
+  52. http://www.openssl.org/
+  53. http://www.chiark.greenend.org.uk/~sgtatham/putty/
+  54. http://www.tightvnc.com/
+  55. http://www.realvnc.com/
+  56. http://sourceforge.net/projects/cotvnc/
+  57. http://www.karlrunge.com/x11vnc/README.ssvnc.html
 	
 =======================================================================
 http://www.karlrunge.com/x11vnc/x11vnc_opts.html:
@@ -11751,7 +11808,7 @@ x11vnc: a VNC server for real X displays
    Here are all of x11vnc command line options:
 % x11vnc -opts      (see below for -help long descriptions)
 
-x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-09-06
+x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-09-14
 
 x11vnc options:
   -display disp            -auth file               -N                     
@@ -11871,7 +11928,7 @@ libvncserver-tight-extension options:
 
 % x11vnc -help
 
-x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-09-06
+x11vnc: allow VNC connections to real X11 displays. 0.9.4 lastmod: 2008-09-14
 
 (type "x11vnc -opts" to just list the options.)
 
@@ -12213,9 +12270,14 @@ Options:
 
 -timeout n             Exit unless a client connects within the first n seconds
                        after startup.
+
 -sleepin n             At startup sleep n seconds before proceeding (e.g. to
                        allow redirs and listening clients to start up)
 
+                       If a range is given: '-sleepin min-max', a random value
+                       between min and max is slept. E.g. '-sleepin 0-20' and
+                       '-sleepin 10-30'.  Floats are allowed too.
+
 -inetd                 Launched by inetd(8): stdio instead of listening socket.
                        Note: if you are not redirecting stderr to a log file
                        (via shell 2> or -o option) you MUST also specify the -q
@@ -13134,6 +13196,10 @@ e
                        Set to zero to poll forever.  Set to a negative value
                        to use the builtin setting.
 
+                       Note that this value does not apply to the *initial* ssl
+                       init connection.  The default timeout for that is 20sec.
+                       Use -env SSL_INIT_TIMEOUT=n to modify it.
+
 -sslnofail             Exit at the first SSL connection failure. Useful when
                        scripting SSL connections (e.g. x11vnc is started via
                        ssh) and you do not want x11vnc waiting around for more
@@ -14035,6 +14101,9 @@ t
                        where a Keysym is bound to multiple keys (e.g. "<" + ">"
                        and "," + "<" keys).  Default: -modtweak
 
+                       If you are having trouble with with keys and -xkb or
+                       -noxkb, and similar things don't help, try -nomodtweak.
+
                        On some HP-UX systems it is been noted that they have
                        an odd keymapping where a single keycode will have a
                        keysym, e.g. "#", up to three times.  You can check
diff --git a/x11vnc/gui.c b/x11vnc/gui.c
index 541af1f..940a069 100644
--- a/x11vnc/gui.c
+++ b/x11vnc/gui.c
@@ -667,24 +667,22 @@ void do_gui(char *opts, int sleep) {
 		pid_t parent = getpid();
 
 		if (icon_mode) {
-			char tf[100]; 
-			double dn = dnow();
+			char tf[] = "/tmp/x11vnc.tray.XXXXXX"; 
+			int fd;
 			struct stat sbuf;
-			/* FIXME */
-			dn = dn - ((int) dn);
-			sprintf(tf, "/tmp/x11vnc.tray%d%d", (int) (1000000*dn),
-			    (int) getpid());
-			unlink(tf);
-			/* race begins.. */
-			if (stat(tf, &sbuf) == 0) {
+
+			fd = mkstemp(tf);
+			if (fd < 0) {
 				icon_mode = 0;
 			} else {
+				close(fd);
 				icon_mode_fh = fopen(tf, "w");
 				if (! icon_mode_fh) {
 					icon_mode = 0;
 				} else {
 					chmod(tf, 0400);
 					icon_mode_file = strdup(tf);
+					rfbLog("icon_mode_file=%s\n", icon_mode_file);
 					fprintf(icon_mode_fh, "none\n");
 					fprintf(icon_mode_fh, "none\n");
 					fflush(icon_mode_fh);
diff --git a/x11vnc/help.c b/x11vnc/help.c
index e3ee93c..0e185c4 100644
--- a/x11vnc/help.c
+++ b/x11vnc/help.c
@@ -360,9 +360,14 @@ void print_help(int mode) {
 "\n"
 "-timeout n             Exit unless a client connects within the first n seconds\n"
 "                       after startup.\n"
+"\n"
 "-sleepin n             At startup sleep n seconds before proceeding (e.g. to\n"
 "                       allow redirs and listening clients to start up)\n"
 "\n"
+"                       If a range is given: '-sleepin min-max', a random value\n"
+"                       between min and max is slept. E.g. '-sleepin 0-20' and\n"
+"                       '-sleepin 10-30'.  Floats are allowed too.\n"
+"\n"
 "-inetd                 Launched by inetd(8): stdio instead of listening socket.\n"
 "                       Note: if you are not redirecting stderr to a log file\n"
 "                       (via shell 2> or -o option) you MUST also specify the -q\n"
@@ -1296,6 +1301,10 @@ void print_help(int mode) {
 "                       Set to zero to poll forever.  Set to a negative value\n"
 "                       to use the builtin setting.\n"
 "\n"
+"                       Note that this value does not apply to the *initial* ssl\n"
+"                       init connection.  The default timeout for that is 20sec.\n"
+"                       Use -env SSL_INIT_TIMEOUT=n to modify it.\n"
+"\n"
 "-sslnofail             Exit at the first SSL connection failure. Useful when\n"
 "                       scripting SSL connections (e.g. x11vnc is started via\n"
 "                       ssh) and you do not want x11vnc waiting around for more\n"
@@ -2197,6 +2206,9 @@ void print_help(int mode) {
 "                       where a Keysym is bound to multiple keys (e.g. \"<\" + \">\"\n"
 "                       and \",\" + \"<\" keys).  Default: %s\n"
 "\n"
+"                       If you are having trouble with with keys and -xkb or\n"
+"                       -noxkb, and similar things don't help, try -nomodtweak.\n"
+"\n"
 "                       On some HP-UX systems it is been noted that they have\n"
 "                       an odd keymapping where a single keycode will have a\n"
 "                       keysym, e.g. \"#\", up to three times.  You can check\n"
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/README b/x11vnc/misc/enhanced_tightvnc_viewer/README
index a6b138d..dec6269 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/README
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/README
@@ -129,6 +129,9 @@ The enhanced TightVNC viewer features are:
 	- Support for UltraVNC Single Click operation. (both unencrypted:
 	  SC I, and SSL encrypted: SC III)
 
+        - Support for UltraVNC DSM Encryption Plugin mode. (ARC4 and
+          AESV2, but not MSRC4 yet)
+
 	- Instead of hostname:display one can also supply "exec=command args..."
 	  to connect the viewer to the stdio of an external command
 	  (e.g. stunnel or socat) rather than using a TCP/IP socket.
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
index d12f5ce..9b456b2 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer
@@ -39,7 +39,8 @@
 #         and then a 2nd CONNECT to the destination VNC server.)
 #
 #         Use socks://host:port, socks4://host:port, or socks5://host,port
-#         to force usage of a SOCKS proxy.  Also repeater://host:port.
+#         to force usage of a SOCKS proxy.  Also repeater://host:port and
+#         sslrepeater://host:port.
 #
 # -showcert  Only fetch the certificate using the 'openssl s_client'
 #            command (openssl(1) must in installed).
@@ -284,6 +285,19 @@ fi
 orig="$1"
 shift
 
+# set up special case of ultravnc single click III mode:
+if echo "$proxy" | egrep "^sslrepeater://" > /dev/null; then
+	pstr=`echo "$proxy" | sed -e 's,sslrepeater://,,'`
+	pstr1=`echo "$pstr" | sed -e 's/+.*$//'`
+	pstr2=`echo "$pstr" | sed -e 's/^[^+]*+//'`
+	SSVNC_REPEATER="SCIII=$pstr2"; export SSVNC_REPEATER
+	orig=$pstr1
+	echo
+	echo "reset: SSVNC_REPEATER=$SSVNC_REPEATER orig=$orig proxy=''"
+	proxy=""
+fi
+
+
 # check -ssh and -mycert/-verify conflict:
 if [ "X$use_ssh" = "X1" -a "X$use_sshssl" = "X" ]; then
 	if [ "X$mycert" != "X" -o "X$verify" != "X" ]; then
@@ -322,6 +336,14 @@ elif echo "$orig" | grep '^vnc+ssh://' > /dev/null; then
 	use_ssh=1
 fi
 
+if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+        verify=""
+        mycert=""
+        use_ssh=""
+        use_sshssl=""
+        direct_connect=1
+fi
+
 # (possibly) tell the vncviewer to only listen on lo: 
 if [ "X$reverse" != "X" -a "X$direct_connect" = "X" ]; then
 	VNCVIEWER_LISTEN_LOCALHOST=1
@@ -472,6 +494,14 @@ final() {
 		kill -KILL "$stunnel_pid" 2>/dev/null
 		stunnel_pid=""
 	fi
+	if [ "X$dsm_pid" != "X" ]; then
+		echo "Terminating background ultravnc_dsm_helper process"
+		echo kill -TERM "$dsm_pid"
+		kill -TERM "$dsm_pid" 2>/dev/null
+		sleep 1
+		kill -KILL "$dsm_pid" 2>/dev/null
+		stunnel_pid=""
+	fi
 	if [ "X$tail_pid" != "X" ]; then
 		kill -TERM $tail_pid
 	fi
@@ -517,6 +547,19 @@ fi
 # a portable, but not absolutely safe, tmp file creator
 mytmp() {
 	tf=$1
+	if type mktemp > /dev/null 2>&1; then
+		# if we have mktemp(1), use it:
+		tf2="$tf.XXXXXX"
+		tf2=`mktemp "$tf2"`
+		if [ "X$tf2" != "X" -a -f "$tf2" ]; then
+			if [ "X$DEBUG_MKTEMP" != "X" ]; then
+				echo "mytmp-mktemp: $tf2" 1>&2
+			fi
+			echo "$tf2"
+			return
+		fi
+	fi
+	# fallback to multiple cmds:
 	rm -rf "$tf" || exit 1
 	if [ -d "$tf" ]; then
 		echo "tmp file $tf still exists as a directory."
@@ -531,6 +574,10 @@ mytmp() {
 	touch "$tf" || exit 1
 	chmod 600 "$tf" || exit 1
 	rchk
+	if [ "X$DEBUG_MKTEMP" != "X" ]; then
+		echo "mytmp-touch: $tf" 1>&2
+	fi
+	echo "$tf"
 }
 
 # trick for the undocumented rsh://host:port method.
@@ -1099,8 +1146,8 @@ Kecho sproxy1_host=$sproxy1_host
 Kecho sproxy1_port=$sproxy1_port
 Kecho sproxy1_user=$sproxy1_user
 
-		ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
-		mytmp "$ptmp"
+		ptmp="/tmp/ss_vncviewer_ssh${RANDOM}.$$.pl"
+		ptmp=`mytmp "$ptmp"`
 		PPROXY_REMOVE=1; export PPROXY_REMOVE
 		proxy=$pproxy
 		port_save=$port
@@ -1241,8 +1288,8 @@ Kecho proxy=$proxy
 		rc=$?
 
 	elif [ "X$getport" != "X" ]; then
-		tport=/tmp/tport${RANDOM}.$$
-		mytmp $tport
+		tport=/tmp/ss_vncviewer_tport${RANDOM}.$$
+		tport=`mytmp "$tport"`
 
 		if [ "X$rsh" != "X1" ]; then
 			if echo "$ssh_cmd" | grep -w sudo > /dev/null; then
@@ -1441,7 +1488,7 @@ fi
 ptmp=""
 if [ "X$proxy" != "X" ]; then
 	ptmp="/tmp/ss_vncviewer${RANDOM}.$$.pl"
-	mytmp "$ptmp"
+	ptmp=`mytmp "$ptmp"`
 	PPROXY_REMOVE=1; export PPROXY_REMOVE
 	pcode "$ptmp"
 	if [ "X$showcert" != "X1" -a "X$direct_connect" = "X" ]; then
@@ -1484,7 +1531,14 @@ if [ "X$showcert" = "X1" ]; then
 fi
 
 if [ "X$direct_connect" != "X" ]; then
-	if [ "X$getport" = "X" ]; then
+	if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+		SSVNC_NO_ENC_WARN=1
+		echo ""
+		echo "Using UltraVNC DSM Plugin key for encryption:"
+		echo ""
+		echo "  $SSVNC_ULTRA_DSM PORT HOST:PORT"
+		echo ""
+	elif [ "X$getport" = "X" ]; then
 		echo ""
 		echo "Running viewer for direct connection:"
 		echo ""
@@ -1508,9 +1562,22 @@ if [ "X$direct_connect" != "X" ]; then
 	fi
 	echo ""
 	if [ "X$ptmp" != "X" ]; then
-		PPROXY_LISTEN=$use
-		export PPROXY_LISTEN
+		if [ "X$reverse" = "X" ]; then
+			PPROXY_LISTEN=$use
+			export PPROXY_LISTEN
+		else
+			PPROXY_REVERSE="localhost:$use"
+			export PPROXY_REVERSE
+			pps=3
+			if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
+				pps=`expr $pps + $SSVNC_EXTRA_SLEEP`
+			fi
+			PPROXY_SLEEP=$pps; export PPROXY_SLEEP;
+			PPROXY_KILLPID=+1; export PPROXY_KILLPID;
+		fi
+
 		$ptmp &
+
 		if [ "X$reverse" = "X" ]; then
 			#sleep 2
 			#echo T sleep 1
@@ -1518,29 +1585,52 @@ if [ "X$direct_connect" != "X" ]; then
 		fi
 		host="localhost"
 		disp="$N"
+		port=`expr $disp + 5900`
 	fi
 	if [ "X$SSVNC_EXTRA_SLEEP" != "X" ]; then
 		echo "T sleep $SSVNC_EXTRA_SLEEP"
 		sleep $SSVNC_EXTRA_SLEEP
 	fi
 	if [ "X$reverse" = "X" ]; then
-		echo "$VNCVIEWERCMD" "$@" $host:$disp
+		hostdisp="$host:$disp"
+		if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+			hostdisp="exec=$SSVNC_ULTRA_DSM 0 $host:$port"
+		fi
+		echo "$VNCVIEWERCMD" "$@" "$hostdisp"
 		trap "final" 0 2 15
 		echo ""
-		$VNCVIEWERCMD "$@" $host:$disp
+		$VNCVIEWERCMD "$@" "$hostdisp"
 		if [ $? != 0 ]; then
 			echo "vncviewer command failed: $?"
 			if [ "X$secondtry" = "X1" ]; then
 				sleep 2
-				$VNCVIEWERCMD "$@" $host:$disp
+				$VNCVIEWERCMD "$@" "$hostdisp"
 			fi
 		fi
 	else
 		echo ""
 		echo "NOTE: Press Ctrl-C to terminate viewer LISTEN mode."
 		echo ""
-		echo "$VNCVIEWERCMD" "$@" -listen $disp
 		trap "final" 0 2 15
+		if [ "X$SSVNC_ULTRA_DSM" != "X" ]; then
+			echo "NOTE: The ultravnc_dsm_helper only runs once.  So after the first LISTEN"
+			echo "      ends, you will have to Press Ctrl-C and restart for a new connection."
+			echo ""
+			dport=`expr 5500 + $disp`
+			cmd="$SSVNC_ULTRA_DSM $dport localhost:$use"
+			echo "Running:"
+			echo
+			echo "$cmd &"
+			echo
+			$cmd &
+			dsm_pid=$!
+			sleep 2
+			disp=$use
+			if [ $disp -ge 5500 ]; then
+				disp=`expr $disp - 5500`
+			fi
+		fi
+		echo "$VNCVIEWERCMD" "$@" -listen $disp
 		echo ""
 		$VNCVIEWERCMD "$@" -listen $disp
 	fi
@@ -1548,12 +1638,13 @@ if [ "X$direct_connect" != "X" ]; then
 fi
 
 tmp_cfg=/tmp/ss_vncviewer${RANDOM}.$$
-mytmp "$tmp_cfg"
+tmp_cfg=`mytmp "$tmp_cfg"`
 
 # make_tcert is no longer invoked via the ssvnc gui (Listen mode).
 # make_tcert is for testing only now via -mycert BUILTIN
 make_tcert() {
-	tcert="/tmp/tcert${RANDOM}.$$"
+	tcert="/tmp/ss_vnc_viewer_tcert${RANDOM}.$$"
+	tcert=`mytmp "$tcert"`
 	cat > $tcert <<END
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAvkfXxb0wcxgrjV2ziFikjII+ze8iKcTBt47L0GM/c21efelN
@@ -1617,7 +1708,7 @@ fi
 
 if [ "X$reverse" = "X" ]; then
 
-	if echo "$proxy" | grep repeater:// > /dev/null; then
+	if echo "$proxy" | grep "^repeater://" > /dev/null; then
 		if [ "X$cert" = "XBUILTIN" ]; then
 			ttcert=`make_tcert`
 			cert="cert = $ttcert"
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
index 3e296c6..4ba5a86 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl
@@ -356,14 +356,15 @@ proc help {} {
     started directed to the local port of the SSL tunnel which, in turn,
     encrypts and redirects the connection to the remote VNC server.
 
-    The remote VNC server MUST support an initial SSL handshake before
-    using the VNC protocol (i.e. VNC is tunnelled through the SSL channel
-    after it is established).  "x11vnc -ssl ..."  does this, and any VNC
-    server can be made to do this by using, e.g., STUNNEL on the remote side.
+    The remote VNC server **MUST** support an initial SSL handshake
+    before using the VNC protocol (i.e. VNC is tunnelled through the SSL
+    channel after it is established).  "x11vnc -ssl ..."  does this,
+    and any VNC server can be made to do this by using, e.g., STUNNEL
+    or socat on the remote side.
 
     Automatic SSH tunnels are described below.
 
-    See tip 5) below for how to disable encryption.
+    See Tip 5) below for how to disable encryption.
 
 
     Port numbers:
@@ -395,16 +396,18 @@ proc help {} {
     and so the first time you connect to a new server you may need to
     follow a few dialogs to inspect and save the server certificate.
     See the "Certs... -> Help" for information on how to manage certificates.
+
     "Verify All Certs" is on by default.
 
     However, "Fetch Cert" and "Verify All Certs" are currently disabled
     in the rare "SSH + SSL" usage mode (e.g. SSH is used to enter a
     firewall gateway, and then SSL is tunneled through that to reach
-    the workstation).  You are always free to use a "ServerCert" (under
-    "Certs...")  to authenticate SSL Servers against.
+    the workstation).  This is to avoid having to SSH in twice.  You are
+    always free to use a "ServerCert" ("Certs..." button) to authenticate
+    SSL Servers against.
 
 
- Windows STUNNEL:
+ Windows STUNNEL problems:
 
     Note that on Windows when the Viewer connection is finished you
     will be prompted if you want SSVNC to try to kill the STUNNEL process
@@ -423,8 +426,8 @@ proc help {} {
 
  VNC Password:
 
-    On Unix or MacOSX IF there is a VNC password for the server you
-    can enter it in the "VNC Password:" entry box.  
+    On Unix or MacOSX *IF* there is a VNC password for the server you
+    can enter it in the "VNC Password:" entry box.
 
     This is *REQUIRED* on MacOSX when Chicken of the VNC is used.
 
@@ -462,7 +465,7 @@ proc help {} {
     local users (not just the user running SSVNC.)
 
     If the untrusted local user tries to connect to these ports, he may
-    succeed in varying degrees to gain access to the remote machine.
+    succeed by varying degrees to gain access to the remote machine.
     We now list some safeguards one can put in place to try to make this
     more difficult to acheive.
 
@@ -519,11 +522,12 @@ proc help {} {
 
  SSH:
 
-    Click on "Use SSH" if you want to use an *SSH* tunnel instead of SSL
-    (then the VNC Server does not need to speak SSL or use STUNNEL).
+    Click on "Use SSH" if you want to use an *SSH* tunnel instead of
+    SSL (then the VNC Server does not need to speak SSL or use STUNNEL
+    or socat).
 
     You will need to be able to login to your account on the remote host
-    via SSH (e.g. via password or ssh-agent).
+    via SSH (e.g. via password, ssh keys, or ssh-agent).
 
     Specify the SSH hostname and VNC display in the VNC Host:Display entry.
     Use something like:
@@ -531,7 +535,7 @@ proc help {} {
            username@far-away.east:0
 
     if your remote username is different from the one on the local viewer
-    machine.  On Windows you MUST supply the "username@" part.
+    machine.  On Windows you *MUST* supply the "username@" part.
 
     "SSH + SSL" is similar but its use is more rare because it requires 2
     encrypted tunnels to reach the VNC server. See the Help under Options
@@ -548,7 +552,7 @@ proc help {} {
     In SSH or SSH + SSL mode you can also specify a remote command
     to run on the remote ssh host in the "Remote SSH Command" entry.
     The default is just to sleep a bit (e.g. sleep 30) to make sure
-    the port tunnels are established.  Alternatively you could have the
+    the tunnel ports are established.  Alternatively you could have the
     remote command start the VNC server, e.g.
 
          x11vnc -display :0 -rfbport 5900 -localhost -nopw
@@ -587,10 +591,56 @@ proc help {} {
     see the Tips 5 and 9 below for more about the URL-like syntax.
 
 
+ SSL Certificates:
+
+    If you want to use a SSL Certificate (PEM) file to authenticate
+    yourself to the VNC server ("MyCert") and/or to verify the identity
+    of the VNC Server ("ServerCert" or "CertsDir") select the certificate
+    file by clicking the "Certs ..." button before connecting.
+
+    Certificate verification is needed to prevent Man-In-The-Middle
+    attacks; if it is not done then only passive network sniffing attacks
+    are prevented.  See the x11vnc documentation:
+
+           http://www.karlrunge.com/x11vnc/ssl.html
+
+    for how to create and use PEM SSL certificate files.  An easy way is:
+
+           x11vnc -ssl SAVE ...
+
+    where it will print out its automatically generated certificate to
+    the screen and that can be safely copied to the viewer side.
+
+    You can also use the "Create Certificate" feature of this program
+    under "Certs ...".  Just click on it and follow the instructions in
+    the dialog.  Then copy the cert file to the VNC Server and specify
+    the other one in the "Certs ..." dialog.
+
+    Alternatively you can use the "Import Certificate" action to paste
+    in a certificate or read one in from a file.  Or you can use the
+    "Fetch Cert" button on the main panel.  If "Verify All Certs" is
+    checked, you will be forced to check Certs of any new servers the
+    first time you connect.
+
+    Note that "Verify All Certs" is on by default so that users who do
+    not understand the SSL Man-In-The-Middle problem will not be left
+    completely vulnerable to it (everyone still must make the effort to
+    verify new certificates by an external method to be completely safe).
+
+    To have "Verify All Certs" toggled off at startup, use "ssvnc -nv"
+    or set SSVNC_NO_VERIFY_ALL=1 before starting.  If you do not even want
+    to see the button, use "ssvnc -nvb" or SSVNC_NO_VERIFY_ALL_BUTTON=1.
+
+
+
+ Here we start a number of long sections on all sorts of proxies, Web,
+ SOCKS, ssh, UltraVNC, Single Click, etc., etc.
+
+
  Proxies/Gateways:
 
     If an intermediate proxy is needed to make the SSL connection
-    (e.g. web gateway out of a firewall) enter it in the "Proxy/Gateway"
+    (e.g. a web gateway out of a firewall) enter it in the "Proxy/Gateway"
     entry box:
 
            VNC Host-Display:   host:number
@@ -640,7 +690,7 @@ proc help {} {
 
     For example if a company had a central login server: "ssh.company.com"
     (accessible from the internet) and the internal workstation name was
-    "joes-pc", one could put in for the
+    "joes-pc", one could put this in:
 
            VNC Host:Display:   joes-pc:0
            Proxy/Gateway:      ssh.company.com
@@ -707,158 +757,197 @@ proc help {} {
  UltraVNC Proxies/Gateways:
 
     UltraVNC has a "repeater" tool (http://www.uvnc.com/addons/repeater.html
-    and http://koti.mbnet.fi/jtko/) that acts as an VNC proxy.  SSVNC can
+    and http://koti.mbnet.fi/jtko/) that acts as a VNC proxy.  SSVNC can
     work with both mode I and mode II schemes of this repeater.
 
-    Note: only SSL (or unencrypted) SSVNC connections make sense with
-    the UltraVNC repeater.  SSH connections (previous section) do not
-    seem to (let us know if you find a way to use it).
+    Note that even though the UltraVNC repeater tool is NOT SSL enabled,
+    it can nevertheless act as a proxy for SSVNC SSL connections.
+    This is because, just as with a Web proxy, the proxy negotiations
+    occur before the SSL traffic starts.  (There is a separate UltraVNC
+    tool, repeater_SSL.exe, that is SSL enabled and is discussed below.)
+
+    Note: it seems only SSL SSVNC connections make sense with the
+    UltraVNC repeater.  SSH connections (previous section) do not seem to
+    and so are not enabled to (let us know if you find a way to use it).
 
-    For mode I repeater the viewer initiates the connection and passes
-    a string that is the internal VNC server's IP address (or hostname)
+    Unencrypted (aka Direct) SSVNC VNC connections (Vnc:// prefix in
+    'VNC Host:Display'; see Tip 5) also work with the UltraVNC repeater.
+
+    For the mode I repeater the viewer initiates the connection and
+    passes a string that is the VNC server's IP address (or hostname)
     and port or display:
 
            VNC Host:Display:   :0
-           Proxy/Gateway:      repeater://myproxy.west:5900+joes-pc:1
+           Proxy/Gateway:      repeater://myuvncrep.west:5900+joes-pc:1
+
+    Where "myuvncrep.west" is running the UltraVNC repeater and 
+    "joes-pc:1" is the VNC server the repeater will connect us to.
 
-    Note here that the VNC Host:Display can be anything; we use :0.
+    Note here that the VNC Host:Display can be anything because it is
+    not used; we choose :0.
 
     The Proxy/Gateway format is repeater://proxy:port+vncserver:display.
     The string after the "+" sign is passed to the repeater server for
-    it to interpret.  For this example, instead of joes-pc:1 it could
-    be joes-pc:5901 or 192.168.1.4:1, 192.168.1.4:5901, etc.
+    it to interpret (and so does not have to be the UltraVNC repeater;
+    you could create your own if you wanted to). For this example,
+    instead of joes-pc:1 it could be joes-pc:5901 or 192.168.1.4:1,
+    192.168.1.4:5901, etc.
 
     If you do not supply a proxy port, then the default 5900 is assumed,
-    e.g.  repeater://myproxy.west+joes-pc:1
+    e.g.  repeater://myuvncrep.west+joes-pc:1
 
 
-    For mode II repeater both the VNC viewer and VNC server initiate
+    For the mode II repeater both the VNC viewer and VNC server initiate
     connections to the repeater proxy.  In this case they pass a string
-    that identifies their mutual connection via "ID:NNNN":
+    that identifies their mutual connection via "ID:XYZ":
 
            VNC Host:Display:   :0
-           Proxy/Gateway:      repeater://myproxy.west:5900+ID:1234
+           Proxy/Gateway:      repeater://myuvncrep.west:5900+ID:1234
 
     again, the default proxy port is 5900 if not supplied.
 
     In this case, mode II, you MUST set Options -> Reverse VNC Connection.
     That is to say a "Listening Connection".  The reason for this is that
     the VNC server acts as a SSL *client* and so requires the Viewer end
-    to have an SSL cert, etc.
+    to have the SSL cert, (which it does in Listen mode).
 
-    Note that in Listening mode you must supply a MyCert or use the 
+    Note that in Listening SSL mode you must supply a MyCert or use the 
     "listen.pem" one you are prompted to create.
 
-    Set REPEATER_FORCE=1 in the Host:Display (hit Enter, and then clear
-    it) to force SSVNC to try to a forward connection in this situation.
-
     We have also found that usually the Listening viewer must be started
-    BEFORE the VNC Server connects to the proxy.  This is a likely bug
-    in the repeater tool.
+    BEFORE the VNC Server connects to the proxy.  This bug may be in
+    SSVNC, x11vnc, or the repeater tool.
+
+    Set REPEATER_FORCE=1 in the Host:Display (then hit Enter, and then
+    clear it, and reenter host:disp) to force SSVNC to try a forward
+    connection in this situation.
 
+    Note that for unencrypted (i.e. direct) SSVNC connections (see vnc://
+    in Tip 5) there is no need to use a reverse "Listening connection"
+    and so you might as well use a forward connection.
 
-    For mode II, you probably should also disable "Verify All Certs"
-    unless you have taken the steps beforehand to save the VNC server's
-    certificate, or have previously accepted it using another method.
+    For mode II when tunnelling via SSL, you probably should also disable
+    "Verify All Certs" unless you have taken the steps beforehand to
+    import the VNC server's certificate, or have previously accepted it
+    using another method.  With the mode II proxying scheme, there is
+    no way to "Fetch Cert" and check if it has been previously accepted.
 
     Also, after the connection you MUST terminate the listening VNC Viewer
     (Ctrl-C) and connect again (the proxy only runs once.)  In Windows,
     go to the System Tray and terminate the Listening VNC Viewer.
+    Subsequent connection attempts after the first one will fail.
 
     BTW, the x11vnc VNC server command for the mode II case would be
     something like:
 
-       x11vnc -ssl SAVE -connect repeater=ID:1234+myproxy.west:5500 ...
+       x11vnc -ssl SAVE -connect repeater=ID:1234+myuvncrep.west:5500 ...
 
-    It also supports -connect repeater://myproxy.west:5500+ID:1234
-    notation.
+    x11vnc also supports -connect repeater://myuvncrep.west:5500+ID:1234
+    URL-like notation.
 
     For mode I operation x11vnc simply runs as a normal SSL/VNC server
 
        x11vnc -ssl SAVE
 
+    In the previous sections it was mentioned one can chain up to 3
+    proxies together by separating them with commas: proxy1,proxy2,proxy3.
+    Except where explicitly noted below this should work for "repeater://..."
+    as the final proxy.  E.g. you could use a web proxy to get out of a
+    firewall, and then connect to a remote repeater.
+
+    The UltraVNC SSL enabled repeater_SSL.exe is discussed below.
+
 
  UltraVNC Single Click:
 
     UltraVNC has Single Click (SC) Windows VNC servers that allow naive
     users to get them running very easily (a EXE download and a few
     mouse clicks).  See http://sc.uvnc.com/ for details on how to create
-    these binaries.
+    these binaries.  Also there is a how-to here:
+    http://www.simply-postcode-lookup.com/SingleClickUltraVNC/SingleClickVNC.htm
+
+    The SC EXE is a VNC *server* that starts up a Reverse VNC connection
+    to a Listening Viewer (e.g. the viewer address/port/ID is hardwired
+    into the SC EXE).  So SC is not really a proxy, but it can be used
+    with UltraVNC repeater proxies and we include it here.
 
-    One important point for SC III binary creation: do NOT include
-    "-id N" in the helpdesk.txt config file.  This is because the Ultra
-    VNC repeater is not used.  Use something like:
+    One important point for SC III binary creation: do NOT include 
+    "-id N" in the helpdesk.txt config file.  This is because the with
+    SSVNC the Ultra VNC repeater IS NOT USED (see below for how to
+    use it).  Use something like for helpdesk.txt:
+
+       [TITLE]
+       My UltraVNC SC III
 
        [HOST]
        Internet Support XYZ
        -sslproxy -connect xx.xx.xx.xx:5500 -noregistry
 
+    (replace xx.xx.xx.xx with IP address or hostname of the SSVNC machine.)
 
     The Unix SSVNC vncviewer supports the both the unencrypted "SC I"
     mode and the SSL encrypted "SC III" mode.  For both cases SSVNC
     must be run in Listening mode (Options -> Reverse VNC Connection)
 
-    For SC I, enable Reverse VNC Connection and put Vnc://0 in the
-    VNC Host:Display (use a different number if you are not using 
-    the default listening port 5500).  Then click on the "Listen"
-    button and finally have the user run your Single Click I EXE.
+    For SC I, enable Reverse VNC Connection and put Vnc://0 (see Tip 5
+    below) in the VNC Host:Display to disable encryption (use a different
+    number if you are not using the default listening port 5500).
+    Then click on the "Listen" button and finally have the user run your
+    Single Click I EXE.
+
+    BTW, we used this for a SC I helpdesk.txt:
 
-    For SC III, enable Reverse VNC Connection and then UNSET "Verify
+       [TITLE]
+       My UltraVNC SC I
+
+       [HOST]
+       Internet Support XYZ
+       -connect xx.xx.xx.xx:5500 -noregistry
+
+    For SC III (SSL), enable Reverse VNC Connection and then UNSET "Verify
     All Certs" (this is required).  Let the VNC Host:Display be ":0"
     (use a different number if you are not using the default listening
     port 5500).  Then click on the "Listen" button and finally have the
     user run your Single Click III EXE.
 
-    For SC III, you will also need to enable the setting in the
-    Options menu "UltraVNC Single Click III Bug", otherwise the
-    STUNNEL connection may drop after 2-15 minutes.
+    For SC III, you will also need to enable the setting in the Options
+    menu "UltraVNC Single Click III Bug", otherwise the STUNNEL connection
+    may drop after 2-15 minutes.
 
-    Note that in Listening mode you MUST supply a MyCert or use the 
+    Note that in Listening SSL mode you MUST supply a MyCert or use the 
     "listen.pem" one you are prompted to create.
 
-    Single Click II using the UltraVNC repeater should also work, but
-    has not been tested.
-
 
- SSL Certificates:
+ UltraVNC repeater_SSL.exe proxy:
 
-    If you want to use a SSL Certificate (PEM) file to authenticate
-    yourself to the VNC server ("MyCert") or to verify the identity of
-    the VNC Server ("ServerCert" or "CertsDir") select the certificate
-    file by clicking the "Certs ..." button before connecting.
-
-    Certificate verification is needed to prevent Man-In-The-Middle
-    attacks; if it is not done then only passive network sniffing attacks
-    are prevented.  See the x11vnc documentation:
+    For repeater_SSL.exe SSL usage, with Single Click III or otherwise
+    (available at http://www.uvnc.com/pchelpware/SCIII/index.html)
+    it helps to realize that the ENTIRE connection is SSL encrypted,
+    even the proxy host:port/ID:NNNN negotiation, and so a different
+    approach needs to be taken from that described above in 'UltraVNC
+    Proxies/Gateways'.  In this case do something like this:
 
-           http://www.karlrunge.com/x11vnc/ssl.html
+           VNC Host:Display:   :0
+           Proxy/Gateway:      sslrepeater://myuvncrep.west:443+ID:1234
 
-    for how to create and use PEM SSL certificate files.  An easy way is:
+    The sslrepeater:// part indicates the entire ID:XYZ negotiation must
+    occur inside the SSL tunnel.  Listening mode is not required in this
+    case: a forward VNC connection works fine (and is recommended).
+    As before, the ":0" is simply a placeholder and is not used.
+    Note that the UltraVNC repeater_SSL.exe listens on port 443 (HTTPS),
+    (it is not clear that it can be modified to use another port.)
 
-           x11vnc -ssl SAVE ...
+    Non-ID connections sslrepeater://myuvncrep.west:443+host:disp also
+    work, but the 2nd leg repeater <-> host:disp must be unencrypted.
+    The first leg SSVNC <-> repeater is, however, SSL encrypted.
 
-    where it will print out its automatically generated certificate to
-    the screen and that can be safely copied to the viewer side.
+    sslrepeater:// only works on Unix or MacOSX using the provided
+    SSVNC vncviewer.  The modified viewer is needed; stock VNC viewers
+    will not work.  Also, proxy chaining (bouncing off of more than one
+    proxy) currently does not work.
 
-    You can also use the "Create Certificate" feature of this program
-    under "Certs ...".  Just click on it and follow the instructions in
-    the dialog.  Then copy the cert file to the VNC Server and specify
-    the other one in the "Certs ..." dialog.
 
-    Alternatively you can use the "Import Certificate" action to paste
-    in a certificate or read one in from a file.  Or you can use the
-    "Fetch Cert" button on the main panel.  If "Verify All Certs" is
-    checked, you will be forced to check Certs of any new servers the
-    first time you connect.
-
-    Note that "Verify All Certs" is on by default so that users who do
-    not understand the SSL Man-In-The-Middle problem will not be left
-    completely vulnerable to it (everyone still must make the effort to
-    verify new certificates by an external method to be completely safe).
-
-    To have "Verify All Certs" toggled off at startup, use "ssvnc -nv"
-    or set SSVNC_NO_VERIFY_ALL=1 before starting.  If you do not even want
-    to see the button, use "ssvnc -nvb" or SSVNC_NO_VERIFY_ALL_BUTTON=1.
+ (End of long discussion about proxies...)
 
 
  More Options:
@@ -877,6 +966,7 @@ proc help {} {
         http://www.tightvnc.com
 
 
+
  Tips and Tricks:
 
      1) On Unix to get a 2nd GUI (e.g. for a 2nd connection) press Ctrl-N
@@ -911,9 +1001,10 @@ proc help {} {
         This also works for reverse connections (see below).
 
         Sorry we do not make this easy to figure out how to do (e.g. a
-        button on the main panel), but the goal of SSVNC is secure 
-        connections!  Set the env var SSVNC_NO_ENC_WARN=1 (or use Vnc://)
-        to skip the warning prompts.
+        button on the main panel), but the goal of SSVNC is secure
+        connections!  Set the env var SSVNC_NO_ENC_WARN=1 to skip the
+        warning prompts.  Using capitalized: Vnc:// will also skip the
+        prompts.
 
      6) Reverse VNC connections are possible as well.  Go to Options and
         select "Reverse VNC connection".  In the 'VNC Host:Display' entry
@@ -929,8 +1020,9 @@ proc help {} {
         port is the desired local listening port.  Then click Connect.
         If you didn't set the local port look for it in the terminal output.
 
-        On Windows set it to "NOTEPAD" or similar; you can't control the
-        port though.  It is usually 5930, 5931, ... Watch the messages.
+        On Windows set 'viewer' to "NOTEPAD" or similar; you can't
+        control the port though.  It is usually 5930, 5931, ... Watch
+        the messages or look at the stunnel log.
 
      8) On Unix if you are going to an older SSH server (e.g. Solaris 10),
         you will probably need to set the env. var. SS_VNCVIEWER_NO_T=1
@@ -1013,11 +1105,16 @@ proc help {} {
         can set DYLD_LIBRARY_PATH=... too.  It should propagate down
         the viewer.
 
+        After you set the parameter, clear out the 'VNC Host:Display'
+        entry and replace it with the actual host and display number.
+
     13) If you want this application to be SSH only, then supply the
         command line option "-ssh" or set the env. var SSVNC_SSH_ONLY=1.
+
         Then no GUI elements specific to SSL will appear (the
-        documentation will refer to the SSL mode, however).  To convert
-        a running app to ssh-only select "Mode: SSH-Only" in Options.
+        documentation wills still refer to the SSL mode, however).
+        To convert a running app to ssh-only select "Mode: SSH-Only"
+        in Options.
 
         The wrapper scripts "sshvnc" and "sshvnc.bat" will start it up
         automatically this way.
@@ -1028,7 +1125,8 @@ proc help {} {
     14) For an even simpler "Terminal Services" mode use "tsvnc" or
         "tsvnc.bat" (or "-ts" option).  This mode automatically launches
         x11vnc on the remote side to find or create your Desktop session
-        (usually the Xvfb X server).
+        (usually the Xvfb X server).  So x11vnc must be available on the
+        remote server machines under "Terminal Services" mode.
 
         From a full ssvnc you can press Ctrl-h to go into ssh-only mode
         and Ctrl-t to toggle between "tsvnc" and "ssvnc" modes.  The
@@ -1208,7 +1306,7 @@ proc help_certs {} {
     every server ("Verify All Certs").  Note that if you ever need to clean this
     directory, each cert is saved in two files, for example:
 
-          bf-d0-d6-9c-68-5a-fe-24-c6-60-ba-b4-14-e6-66-14=hostname-0.crt
+          hostname-0=bf-d0-d6-9c-68-5a-fe-24-c6-60-ba-b4-14-e6-66-14.crt
     and
           9eb7c8be.0
 
@@ -2224,6 +2322,7 @@ proc set_defaults {} {
 	global ts_mode ts_desktop_size ts_desktop_depth choose_desktop_geom
 	global additional_port_redirs additional_port_redirs_list
 	global stunnel_local_protection stunnel_local_protection_type ssh_local_protection multiple_listen
+	global ultra_dsm ultra_dsm_type ultra_dsm_file
 	global sound_daemon_remote_cmd sound_daemon_remote_port sound_daemon_kill sound_daemon_restart
 	global sound_daemon_local_cmd sound_daemon_local_port sound_daemon_local_kill sound_daemon_x11vnc sound_daemon_local_start 
 	global smb_su_mode smb_mount_list
@@ -2297,6 +2396,10 @@ proc set_defaults {} {
 	set defs(ssh_local_protection) 0
 	set defs(multiple_listen) 0
 
+	set defs(ultra_dsm) 0
+	set defs(ultra_dsm_file) ""
+	set defs(ultra_dsm_type) "guess"
+
 	set defs(cups_local_server) ""
 	set defs(cups_remote_port) ""
 	set defs(cups_local_smb_server) ""
@@ -3566,6 +3669,46 @@ proc set_smb_mounts {} {
 	}
 }
 
+proc mytmp {tmp} {
+	global is_windows mktemp env
+
+	if {$is_windows} {
+		return $tmp
+	}
+
+	if {! [info exists mktemp]} {
+		set mktemp ""
+		foreach dir {/bin /usr/bin /usr/local/bin} {
+			if [file exists "$dir/mktemp"] {
+				set mktemp "$dir/mktemp"
+				break
+			}
+		}
+	}
+	if {$mktemp != ""} {
+		set tmp2 ""
+		catch {set tmp2 [exec $mktemp "$tmp.XXXXXX"]}
+		if [file exists $tmp2] {
+			if [info exists env(DEBUG_MKTEMP)] {
+				puts stderr "mytmp: $tmp2"
+			}
+			return $tmp2
+		}
+	}
+	catch {exec rm -f $tmp}
+	catch {file delete $tmp}
+	if [file exists $tmp] {
+		puts stderr "tmp file still exists: $tmp"
+		exit 1
+	}
+	catch {exec touch $tmp}
+	catch {exec chmod 600 $tmp}
+	if [info exists env(DEBUG_MKTEMP)] {
+		puts stderr "mytmp: $tmp"
+	}
+	return $tmp
+}
+
 proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} {
 	global darwin_terminal
 
@@ -3619,6 +3762,7 @@ proc darwin_terminal_cmd {{title ""} {cmd ""} {bg 0}} {
 	}
 	incr darwin_terminal_cnt
 	append tmp ".$darwin_terminal_cnt"
+	set tmp [mytmp $tmp]
 	
 	set fh ""
 	catch {set fh [open $tmp w 0755]}
@@ -3999,6 +4143,7 @@ proc fetch_cert {save} {
 		}
 		global is_windows
 		set tmp "/tmp/cert.hsh.[tpid]"
+		set tmp [mytmp $tmp]
 		if {$is_windows} {
 			# VF
 			set tmp cert.hsh
@@ -4235,6 +4380,7 @@ if {1} {
 proc check_accepted_certs {} {
 	global cert_text always_verify_ssl
 	global skip_verify_accepted_certs use_listen
+	global ultra_dsm
 
 	if {! $always_verify_ssl} {
 		set skip_verify_accepted_certs 1
@@ -4243,6 +4389,9 @@ proc check_accepted_certs {} {
 	if {$use_listen} {
 		return 1;
 	}
+	if {$ultra_dsm} {
+		return 1;
+	}
 
 	set cert_text [fetch_cert 0]
 
@@ -4290,7 +4439,7 @@ proc check_accepted_certs {} {
 	set adir "$adir/accepted"
 	catch {file mkdir $adir}
 
-	set crt "$adir/$fingerprint=$from.crt"
+	set crt "$adir/$from=$fingerprint.crt"
 
 	if [file exists $crt] {
 		mesg "OK: Certificate found in ACCEPTED_CERTS"
@@ -4298,18 +4447,30 @@ proc check_accepted_certs {} {
 		return 1
 	}
 
+	set crt_old "$adir/$fingerprint=$from.crt"
+
+	if [file exists $crt_old] {
+		mesg "OK: Certificate found in ACCEPTED_CERTS"
+		after 750
+		return 1
+	}
+
 	set cnt 0
-	foreach f [glob -nocomplain -directory $adir "$fingerprint=*"] {
+	foreach f [glob -nocomplain -directory $adir "*$fingerprint*.crt"] {
 		mesg "CERT: $f"
 		after 150
 		incr cnt
 	}
+
 	set oth 0
 	set others [list]
-	foreach f [glob -nocomplain -directory $adir "*=$from.crt"] {
+	foreach f [glob -nocomplain -directory $adir "*$from*.crt"] {
 		if {$f == $crt}  {
 			continue
 		}
+		if {$f == $crt_old}  {
+			continue
+		}
 		set fb [file tail $f]
 		mesg "OTHER CERT: $fb"
 		if {$cnt > 0} {
@@ -4325,6 +4486,9 @@ proc check_accepted_certs {} {
 		if {$f == $crt}  {
 			continue
 		}
+		if {$f == $crt_old}  {
+			continue
+		}
 		set saw 0
 		foreach o $others {
 			if {$f == $o} 	{
@@ -4341,7 +4505,7 @@ proc check_accepted_certs {} {
 		}
 		set same 0
 		while {[gets $fh line] > -1} {
-			if [regexp {^Host-Display: (.*)$} mv hd] {
+			if [regexp {^Host-Display: (.*)$} $line mv hd] {
 				if {$hd == $hp || $hd == $from} {
 					set same 1
 				}
@@ -4510,7 +4674,7 @@ proc save_hash {crt adir hp fingerline from fingerprint} {
 			puts $fh "Host-Display: $hp"
 			puts $fh "$fingerline"
 			puts $fh "hash filename: $h.0"
-			puts $fh "full filename: $fingerprint=$from.crt"
+			puts $fh "full filename: $from=$fingerprint.crt"
 			close $fh
 		}
 		catch {file copy -force $crt $hashfile}
@@ -4612,7 +4776,9 @@ proc init_unixpw {hp} {
 			set name "unknown"
 		}
 
-		set tmp "/tmp/unix.[tpid]"
+		set tmp "/tmp/unixpipe.[tpid]"
+		set tmp [mytmp $tmp]
+		# need to make it a pipe
 		catch {file delete $tmp}
 		if {[file exists $tmp]} {
 			mesg "file still exists: $tmp"
@@ -4708,6 +4874,7 @@ proc reset_stunnel_extra_opts {} {
 	if {$ssvnc_multiple_listen0 != "none"} {
 		set env(SSVNC_MULTIPLE_LISTEN) $ssvnc_multiple_listen0
 	}
+	set env(SSVNC_ULTRA_DSM) ""
 }
 
 proc launch_unix {hp} {
@@ -4765,6 +4932,14 @@ proc launch_unix {hp} {
 	global ssvnc_multiple_listen0
 	set ssvnc_multiple_listen0 ""
 
+	if {[regexp -nocase {sslrepeater://} $hp]} {
+		if {! $use_uvnc_ssl_bug} {
+			set use_uvnc_ssl_bug 1
+			mesg "Enabling 'UltraVNC Single Click III Bug'"
+			after 400
+		}
+	}
+
 	if {$use_uvnc_ssl_bug && ! $use_ssh} {
 		if [info exists env(STUNNEL_EXTRA_OPTS)] {
 			set stunnel_extra_opts0 $env(STUNNEL_EXTRA_OPTS)
@@ -4798,6 +4973,25 @@ proc launch_unix {hp} {
 			}
 		}
 	}
+	if {$ultra_dsm} {
+		if {![file exists $ultra_dsm_file]} {
+			mesg "DSM key file does exist: $ultra_dsm_file" 
+			bell
+			after 1000
+			return
+		}
+		set dsm "ultravnc_dsm_helper "
+		if {$use_listen} {
+			append dsm "rev:"
+		}
+		if {$ultra_dsm_type == "guess"} {
+			append dsm "."
+		} else {
+			append dsm $ultra_dsm_type
+		}
+		append dsm " $ultra_dsm_file"
+		set env(SSVNC_ULTRA_DSM) $dsm
+	}
 	if {$ssh_local_protection} {
 		if {![info exists env(LIM_ACCEPT)]} {
 			set env(LIM_ACCEPT) 1
@@ -4817,7 +5011,7 @@ proc launch_unix {hp} {
 	}
 
 	if {$use_ssh || $use_sshssl} {
-		if {$skip_ssh} {
+		if {$skip_ssh || $ultra_dsm} {
 			set cmd "ss_vncviewer"
 		} elseif {$use_ssh} {
 			set cmd "ss_vncviewer -ssh"
@@ -5006,12 +5200,12 @@ proc launch_unix {hp} {
 		set hpnew  [get_ssh_hp $hp]
 		set proxy  [get_ssh_proxy $hp]
 
-		if {! [repeater_proxy_check $proxy]} {
+		if {!$do_direct && ! [repeater_proxy_check $proxy]} {
 			reset_stunnel_extra_opts
 			return
 		}
 
-		if {! $do_direct && ![regexp -nocase {ssh://} $hpnew]} {
+		if {! $do_direct && ! $ultra_dsm && ![regexp -nocase {ssh://} $hpnew]} {
 			if {$mycert != ""} {
 				set cmd "$cmd -mycert '$mycert'"
 			}
@@ -5087,14 +5281,17 @@ proc launch_unix {hp} {
 		set path [string trim $change_vncviewer_path]
 		if [regexp {^["'].} $path]  {	# "
 			set tmp "/tmp/vncspacewrapper.[tpid]"
+			set tmp [mytmp $tmp]
 			set do_vncspacewrapper 1
-			catch {file delete $tmp}
-			if {[file exists $tmp]} {
-				catch {destroy .c}
-				mesg "file still exists: $tmp"
-				bell
-				reset_stunnel_extra_opts
-				return
+			if {0} {
+				catch {file delete $tmp}
+				if {[file exists $tmp]} {
+					catch {destroy .c}
+					mesg "file still exists: $tmp"
+					bell
+					reset_stunnel_extra_opts
+					return
+				}
 			}
 			catch {set fh [open $tmp "w"]}
 			catch {exec chmod 700 $tmp}
@@ -5154,6 +5351,7 @@ proc launch_unix {hp} {
 	if {$vncauth_passwd != ""} {
 		global use_listen
 		set passwdfile "$env(SSVNC_HOME)/.vncauth_tmp.[tpid]"
+		set passwdfile [mytmp $passwdfile]
 		catch {exec vncstorepw $vncauth_passwd $passwdfile}
 		catch {exec chmod 600 $passwdfile}
 		if {$use_listen} {
@@ -6387,6 +6585,22 @@ proc set_mycert {{parent "."}} {
 	update 
 }
 
+proc set_ultra_dsm_file {{parent "."}} {
+	global ultra_dsm_file
+	set idir [get_idir_certs $ultra_dsm_file]
+	set t ""
+	unix_dialog_resize $parent
+	if {$idir != ""} {
+		set t [tk_getOpenFile -parent $parent -initialdir $idir]
+	} else {
+		set t [tk_getOpenFile -parent $parent]
+	}
+	if {$t != ""} {
+		set ultra_dsm_file $t
+	}
+	update 
+}
+
 proc show_cert {crt} {
 	if {$crt == ""} {
 		bell
@@ -6630,15 +6844,8 @@ emailAddress_max                = 64
 		# VF
 		set tmp "cert.cfg"
 	} else {
-		set tmp "/tmp/cert.cfg."
-		append tmp [clock clicks -milliseconds]
-		catch {file delete $tmp}
-		if {[file exists $tmp]} {
-			catch {destroy .c}
-			mesg "file still exists: $tmp"
-			bell
-			return
-		}
+		set tmp "/tmp/cert.cfg.[tpid]"
+		set tmp [mytmp $tmp]
 		catch {set fh [open $tmp "w"]}
 		catch {exec chmod 600 $tmp}
 		if {! [file exists $tmp]} {
@@ -6738,7 +6945,7 @@ emailAddress_max                = 64
 		set rc [catch {set ph [open "| $cmd" "w"]} emess]
 		if {$rc != 0 || $ph == ""} {
 			raise .
-			tk_messageBox -type ok -icon error -message $emess -title "Count not encrypt private key"
+			tk_messageBox -type ok -icon error -message $emess -title "Could not encrypt private key"
 			catch {file delete $pem}
 			catch {file delete $crt}
 			return
@@ -7139,6 +7346,7 @@ proc do_save {par} {
 		} else {
 			set deltmp itmp.[tpid]
 		}
+		set deltmp [mytmp $deltmp]
 		set import_save_file $deltmp
 	}
 	set rc [catch {set fh [open $import_save_file "w"]} emess]
@@ -7193,7 +7401,7 @@ proc do_save {par} {
 		regsub -all {:} $from "-" from
 		regsub -all {[\\/=]} $from "_" from
 
-		set crt "$adir/$fingerprint=$from.crt"
+		set crt "$adir/$from=$fingerprint.crt"
 		catch {file copy -force $import_save_file $crt}
 
 		save_hash $crt $adir $hp $fingerline $from $fingerprint
@@ -7532,7 +7740,7 @@ proc getcerts {} {
 
 	button .c.create -text "Create Certificate ..." -command {create_cert}
 	button .c.import -text "Import Certificate ..." -command {import_cert}
-	button .c.delete -text "Delete Certificate ..." -command {delete_cert}
+	button .c.delete -text "Delete Certificate ..." -command {delete_cert .c}
 
 	frame .c.b
 	button .c.b.done -text "Done" -command {catch {destroy .c}}
@@ -10543,6 +10751,10 @@ proc help_advanced_opts {} {
          Users (see the main Help panel) from using your STUNNEL tunnel
          to connect to the remote VNC Server.
 
+         UltraVNC DSM Encryption Plugin: on Unix, by using the supplied
+         tool, ultravnc_dsm_helper, encrypted connections to UltraVNC
+         servers using their plugins is enabled.
+
          Multiple LISTEN Connections: allow multiple VNC servers to
          reverse connect at the same time and so display each of their
          desktops on your screen at the same time.
@@ -10555,12 +10767,12 @@ proc help_advanced_opts {} {
          The port can also be closed when the encrypted VNC connection
          finishes.
 
-         Cursor Alphablending:  Use the x11vnc alpha hack for translucent
-         cursors (requires Unix, 32bpp and same endianness)
-
          Use XGrabServer:  On Unix only, use the XGrabServer workaround
          for old window managers.
 
+         Cursor Alphablending:  Use the x11vnc alpha hack for translucent
+         cursors (requires Unix, 32bpp and same endianness)
+
          Y Crop: this is for x11vnc's -ncache client side caching scheme
          with our Unix TightVNC viewer.  Sets the Y value to "crop" the
          viewer size at (below the cut is the pixel cache region you do
@@ -10766,9 +10978,9 @@ proc stunnel_sec_dialog {} {
 
 	global help_font uname
 	if {$uname == "Darwin"} {
-		scroll_text .stlsec.f 82 36
+		scroll_text .stlsec.f 82 37
 	} else {
-		scroll_text .stlsec.f 82 36
+		scroll_text .stlsec.f 82 37
 	}
 
 	apply_bg .stlsec.f
@@ -10779,9 +10991,9 @@ proc stunnel_sec_dialog {} {
     you run SSVNC on and might try to use your encrypted tunnel to gain
     access to the remote VNC machine.
 
-    For STUNNEL SSL tunnels (not SSH tunnels) we provide two options as extra
+    On Unix, for STUNNEL SSL tunnels we provide two options as extra
     safeguards against untrusted local users.  Both only apply to Unix/MacOSX.
-    Note that Both options are ignored in reverse connection (Listen) mode.
+    Note that Both options are *ignored* in reverse connection (Listen) mode.
 
     1) The first one 'Use stunnel EXEC mode' (it is mutually exclusive with
        option 2).  For this case the modified SSVNC Unix viewer must be
@@ -10826,6 +11038,86 @@ proc stunnel_sec_dialog {} {
 	wm resizable .stlsec 1 0
 }
 
+proc ultra_dsm_dialog {} {
+	global ultra_dsm ultra_dsm_file ultra_dsm_type
+	
+	toplev .ultradsm
+	wm title .ultradsm "UltraVNC DSM Encryption Plugin"
+
+	global help_font
+	eval text .ultradsm.t -width 80 -height 24 $help_font
+	apply_bg .ultradsm.t
+
+	set msg {
+    On Unix with the provided SSVNC vncviewer, you can connect to an UltraVNC
+    server that is using one of its encryption plugins: MSRC4 (not yet
+    supported), ARC4, or AESV2.
+
+    You will need to specify the corresponding UltraVNC encryption key
+    (created by you using an UltraVNC server or viewer).  It is usually
+    called 'rc4.key' (for MSRC4), 'arc4.key' (for ARC4), and 'aesv2.key'
+    (for AESV2).  Specify the path to it or browse for it.  Also, specify
+    which type of plugin it is (or use 'guess' to have it guess via the
+    before mentioned filenames).
+
+    SSL and SSH tunnels do not apply in this mode (any settings are ignored.)
+
+    Proxying works in this mode, as well as Reverse Connections (Listen)
+
+    This encryption mode is currently experimental because unfortunately
+    the UltraVNC DSM plugin also modifies the RFB protocol, and so the SSVNC
+    vncviewer had to be modified to support it.  The tight and zlib encodings
+    currently do not work in this mode and are disabled.
+
+    Note that this program also requires the utility tool named
+    'ultravnc_dsm_helper' that should be included in your SSVNC kit.
+}
+
+	.ultradsm.t insert end $msg
+
+	frame .ultradsm.path
+	label .ultradsm.path.l -text "Ultra DSM Keyfile:"
+	entry .ultradsm.path.e -width 40 -textvariable ultra_dsm_file
+	button .ultradsm.path.b -text "Browse..." -command {set_ultra_dsm_file .ultradsm}
+
+	pack .ultradsm.path.l -side left
+	pack .ultradsm.path.e -side left -expand 1 -fill x
+	pack .ultradsm.path.b -side left
+
+	frame .ultradsm.key
+	label .ultradsm.key.l -text "Type of Key:         "
+	radiobutton .ultradsm.key.guess -pady 1 -anchor w -variable ultra_dsm_type -value guess \
+		-text "Guess"
+	radiobutton .ultradsm.key.arc4 -pady 1 -anchor w -variable ultra_dsm_type -value arc4 \
+		-text "ARC4"
+
+	radiobutton .ultradsm.key.aesv2 -pady 1 -anchor w -variable ultra_dsm_type -value aesv2 \
+		-text "AESV2"
+
+	radiobutton .ultradsm.key.msrc4 -pady 1 -anchor w -variable ultra_dsm_type -value msrc4 \
+		-text "MSRC4"
+	.ultradsm.key.msrc4 configure -state disabled
+
+	pack .ultradsm.key.l -side left
+	pack .ultradsm.key.guess -side left
+	pack .ultradsm.key.arc4 -side left
+	pack .ultradsm.key.aesv2 -side left
+	pack .ultradsm.key.msrc4 -side left
+
+	button .ultradsm.cancel -text "Cancel" -command {destroy .ultradsm; set ultra_dsm 0}
+	bind .ultradsm <Escape> {destroy .ultradsm; set ultra_dsm 0}
+	wm protocol .ultradsm WM_DELETE_WINDOW {destroy .ultradsm; set ultra_dsm 0}
+	button .ultradsm.done -text "Done" -command {destroy .ultradsm; catch {raise .oa}}
+	bind .ultradsm.path.e <Return> {destroy .ultradsm; catch {raise .oa}}
+
+	pack .ultradsm.t .ultradsm.path .ultradsm.key .ultradsm.cancel .ultradsm.done -side top -fill x
+
+	center_win .ultradsm
+	wm resizable .ultradsm 1 0
+
+	focus .ultradsm.path.e 
+}
+
 proc ssh_sec_dialog {} {
 	global ssh_local_protection
 	
@@ -10843,11 +11135,11 @@ proc ssh_sec_dialog {} {
     you run SSVNC on and might try to use your encrypted tunnel to gain
     access to the remote VNC machine.
 
-    For SSH tunnels we have an LD_PRELOAD hack (lim_accept.so) that
-    will limit ssh from accepting any local redirection connections
+    On Unix, for SSH tunnels we have an LD_PRELOAD hack (lim_accept.so)
+    that will limit ssh from accepting any local redirection connections
     after the first one or after 15 seconds, whichever comes first.
-    The first SSH port redirection connection is intended to be the
-    one that tunnels your VNC Viewer to reach the remote server.
+    The first SSH port redirection connection is intended to be the one
+    that tunnels your VNC Viewer to reach the remote server.
 
     You can adjust these defaults LIM_ACCEPT=1 LIM_ACCEPT_TIME=15 by
     setting those env. vars. to different values. 
@@ -10885,7 +11177,7 @@ proc multilisten_dialog {} {
 	wm title .multil "Multiple LISTEN Connections"
 
 	global help_font
-	eval text .multil.t -width 84 -height 33 $help_font
+	eval text .multil.t -width 84 -height 35 $help_font
 
 	apply_bg .multil.t
 
@@ -10900,8 +11192,6 @@ proc multilisten_dialog {} {
     On Windows (only the stock TightVNC viewer is provided) it has no
     effect.  On MacOSX if the COTVNC viewer is used it has no effect.
 
-    It only applies to LISTEN mode, not for forward connections.
-
     Rationale:  To play it safe, the Unix vncviewer provided by SSVNC
     (ssvncviewer) only allows one LISTEN reverse connection at a time.
     This is to prohibit malicious people on the network from depositing
@@ -10921,6 +11211,10 @@ proc multilisten_dialog {} {
     Enable 'Multiple LISTEN Connections' if you want to disable the default
     protection in the Unix SSVNC vncviewer; i.e. allow multiple reverse
     connections simultaneously (all vnc viewers we know of do this by default)
+
+    For more control, do not select 'Multiple LISTEN Connections', but
+    rather set the env. var SSVNC_MULTIPLE_LISTEN=MAX:n to limit the number
+    of simultaneous reverse connections to "n" 
 }
 	.multil.t insert end $msg
 
@@ -11758,6 +12052,7 @@ proc set_ts_adv_options {} {
 	global ts_only ts_unixpw ts_vncshared
 	global ts_ncache ts_multisession
 	global choose_othervnc darwin_cotvnc choose_sleep
+	global is_windows
 
 	if {! $ts_only} {
 		return
@@ -11813,6 +12108,12 @@ proc set_ts_adv_options {} {
 		-command {if {$choose_sleep} {ts_sleep_dialog}}
 	incr i
 
+	checkbutton .ot2.b$i -anchor w -variable ssh_local_protection -text \
+		"SSH Local Protections" \
+		-command {if {$ssh_local_protection} {ssh_sec_dialog}}
+	if {$is_windows} {.ot2.b$i configure -state disabled}
+	incr i
+
 	global env
 	if {![info exists env(SSVNC_TS_ALWAYS)]} {
 		button .ot2.b$i -anchor w -text "   SSVNC Mode" \
@@ -11846,6 +12147,7 @@ proc set_advanced_options {} {
 	global use_port_knocking port_knocking_list
 	global is_windows darwin_cotvnc
 	global use_ssh use_sshssl
+	global use_x11_macosx
 	global adv_ssh
 
 	catch {destroy .o}
@@ -11889,7 +12191,7 @@ proc set_advanced_options {} {
 		-command {if {$ssh_local_protection} {ssh_sec_dialog}}
 	global ssh_local_protection_button
 	set ssh_local_protection_button .oa.b$i
-	if {$use_ssl} {.oa.b$i configure -state disabled}
+	if {$use_ssl}    {.oa.b$i configure -state disabled}
 	if {$is_windows} {.oa.b$i configure -state disabled}
 	incr i
 
@@ -11898,7 +12200,15 @@ proc set_advanced_options {} {
 		-command {if {$stunnel_local_protection} {stunnel_sec_dialog}}
 	global stunnel_local_protection_button
 	set stunnel_local_protection_button .oa.b$i
-	if {$use_ssh} {.oa.b$i configure -state disabled}
+	if {$use_ssh}    {.oa.b$i configure -state disabled}
+	if {$is_windows} {.oa.b$i configure -state disabled}
+	incr i
+
+	checkbutton .oa.b$i -anchor w -variable ultra_dsm -text \
+		"UltraVNC DSM Encryption Plugin" \
+		-command {if {$ultra_dsm} {ultra_dsm_dialog}}
+	global ultra_dsm_button
+	set ultra_dsm_button .oa.b$i
 	if {$is_windows} {.oa.b$i configure -state disabled}
 	incr i
 
@@ -12051,6 +12361,7 @@ proc ssh_agent_restart {} {
 		return
 	}
 	set tmp $env(SSVNC_HOME)/.vnc-sa[tpid]
+	set tmp [mytmp $tmp]
 	set fh ""
 	catch {set fh [open $tmp "w"]}
 	if {$fh == ""} {
@@ -12119,7 +12430,7 @@ proc adv_ssh_tog {on} {
 }
 
 proc adv_listen_ssl_tog {on} {
-	global stunnel_local_protection_button
+	global stunnel_local_protection_button is_windows
 	if [info exists stunnel_local_protection_button] {
 		if {$on} {
 			catch {$stunnel_local_protection_button configure -state normal}
@@ -12127,10 +12438,13 @@ proc adv_listen_ssl_tog {on} {
 			catch {$stunnel_local_protection_button configure -state disabled}
 		}
 	}
+	if {$is_windows} {
+		catch {$stunnel_local_protection_button configure -state disabled}
+	}
 }
 
 proc adv_listen_ssh_tog {on} {
-	global ssh_local_protection_button
+	global ssh_local_protection_button is_windows
 	if [info exists ssh_local_protection_button] {
 		if {$on} {
 			catch {$ssh_local_protection_button configure -state normal}
@@ -12138,6 +12452,9 @@ proc adv_listen_ssh_tog {on} {
 			catch {$ssh_local_protection_button configure -state disabled}
 		}
 	}
+	if {$is_windows} {
+		catch {$ssh_local_protection_button configure -state disabled}
+	}
 }
 
 proc ssl_ssh_adjust {which} {
@@ -12233,7 +12550,7 @@ proc ssl_ssh_adjust {which} {
 }
 
 proc listen_adjust {} {
-	global use_listen revs_button multiple_listen_button
+	global use_listen revs_button multiple_listen_button is_windows
 	if {![info exists multiple_listen_button]} {
 		set multiple_listen_button "none"
 	}
@@ -12246,6 +12563,9 @@ proc listen_adjust {} {
 		catch {.o.b.connect configure -text "Connect"}
 		catch {$multiple_listen_button configure -state disabled}
 	}
+	if {$is_windows} {
+		catch {$multiple_listen_button configure -state disabled}
+	}
 }
 
 proc unixpw_adjust {} {
@@ -12554,6 +12874,41 @@ proc check_writable {} {
 	}
 }
 
+proc print_help {} {
+
+	set b "\n============================================================================\n"
+	help
+	set str [.h.f.t get 1.0 end]
+	puts "${b}Help:\n$str"
+	destroy .h
+
+	help_opts
+	set str [.oh.f.t get 1.0 end]
+	puts "${b}SSL/SSH Viewer Options Help:\n$str"
+	destroy .oh
+
+	help_advanced_opts
+	set str [.ah.f.t get 1.0 end]
+	puts "${b}Advanced Options Help:\n$str"
+	destroy .oh
+
+	help_certs
+	set str [.ch.f.t get 1.0 end]
+	puts "${b}SSL Certificates Help:\n$str"
+	destroy .ch
+
+	help_fetch_cert
+	set str [.fh.f.t get 1.0 end]
+	puts "${b}Fetch Certificates Help:\n$str"
+	destroy .fh
+
+
+	ts_help
+	set str [.h.f.t get 1.0 end]
+	puts "${b}Terminal Services Help:\n$str"
+	destroy .h
+}
+
 global env
 set is_windows 0
 set help_font "-font fixed"
@@ -13037,6 +13392,9 @@ for {set i 0} {$i < $argc} {incr i} {
 		;
 	} elseif {$item == "-tso"} {
 		;
+	} elseif {$item == "-printhelp"} {
+		print_help
+		exit;
 	} elseif {$item != ""} {
 		if {[file exists $item] && [file isfile $item]}  {
 			set didload 1
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1 b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1
index 661c32a..186d805 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1
@@ -55,7 +55,7 @@ Normally you do not specify any command line options.  You simply
 run \fBssvnc\fR and use the GUI that starts up.
 
 However, as shortcuts you can supply a VNC host:display (or host:port)
-on the command line.  to connect to immediately (the GUI is started
+on the command line to connect to immediately (the GUI is started
 and the connection is initiated).  For example, "\fBssvnc far-away.east:0\fR"
 Instead of a  host:display, you can specify the name of a saved profile to
 automatically load that profile and then connect to its server.  
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1 b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1
index e451ec8..5c55402 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1
@@ -194,6 +194,9 @@ Note: F9 is shortcut to Toggle FullScreen mode.
 .TP
 Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1
 to allow more than one incoming VNC server at a time.
+This is the same as -multilisten described below.  Set
+SSVNC_MULTIPLE_LISTEN=MAX:n to allow no more than "n"
+simultaneous reverse connections.
 .TP
 Note: If the host:port is specified as "exec=command args..."
 then instead of making a TCP/IP socket connection to the
@@ -206,6 +209,14 @@ This mode does not work for -listen reverse connections.
 Note: If the host:port contains a '/' it is interpreted as a
 unix-domain socket (AF_LOCAL insead of AF_INET)
 .TP
+\fB\-multilisten\fR
+As in -listen (reverse connection listening) except
+allow more than one incoming VNC server to be connected
+at a time.  The default for -listen of only one at a
+time tries to play it safe by not allowing anyone on
+the network to put (many) desktops on your screen over
+a long window of time. Use -multilisten for no limit.
+.TP
 \fB\-use64\fR
 In \fB\-bgr233\fR mode, use 64 colors instead of 256.
 .TP
@@ -290,8 +301,8 @@ Disable use of MIT shared memory extension (not recommended)
 Do the UltraVNC chat in the terminal vncviewer is in
 instead of in an independent window.
 .TP
-\fB\-unixpw\fR
-str Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a
+\fB\-unixpw\fR \fIstr\fR
+Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a
 string that allows many ways to enter the Unix Username
 and Unix Password.  These characters: username, newline,
 password, newline are sent to the VNC server after any VNC
@@ -313,17 +324,45 @@ after reading. Otherwise, if str has a "@" character,
 it is taken as username@password. Otherwise, the program
 exits with an error. Got all that?
 .TP
-\fB-repeater\fR str  This is for use with UltraVNC repeater proxy described
+\fB-repeater\fR \fIstr\fR
+This is for use with UltraVNC repeater proxy described
 here: http://www.uvnc.com/addons/repeater.html.  The "str"
 is the ID string to be sent to the repeater.  E.g. ID:1234
 It can also be the hostname and port or display of the VNC
 server, e.g. 12.34.56.78:0 or snoopy.com:1.  Note that when
 using -repeater, the host:dpy on the cmdline is the repeater
 server, NOT the VNC server.  The repeater will connect you.
+
 Example: vncviewer ... -repeater ID:3333 repeat.host:5900
+
 Example: vncviewer ... -repeater vhost:0 repeat.host:5900
-.TP
-\fB\-printres\fR  Print out the Ssvnc X resources (appdefaults) and
+
+Use, e.g., '-repeater SCIII=ID:3210' if the repeater is a
+Single Click III (SSL) repeater (repeater_SSL.exe) and you
+are passing the SSL part of the connection through stunnel, socat, etc.
+This way the magic UltraVNC string 'testB' needed to work with the
+repeater is sent to it.
+.TP
+\fB-rfbversion\fR \fIstr\fR
+Set the advertised RFB version.  E.g.: -rfbversion 3.6  For some
+servers, e.g. UltraVNC this needs to be done.
+.TP
+\fB-ultradsm\fR
+UltraVNC has symmetric private encryption DSM plugins.  See
+http://www.uvnc.com/features/encryption.html.  It is assumed
+you are using a unix program (e.g. our ultravnc_dsm_helper) to
+encrypt and decrypt the UltraVNC DSM stream. IN ADDITION TO
+THAT supply -ultradsm to tell THIS viewer to modify the RFB
+data sent so as to work with the UltraVNC Server.  For some
+reason, each RFB msg type must be sent twice under DSM.
+.TP
+\fB-env\fR \fIVAR=VALUE\fR
+To save writing a shell script to set environment
+variables, specify as many as you need on the command line.  For example,
+-env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi
+.TP
+\fB\-printres\fR
+Print out the Ssvnc X resources (appdefaults) and
 then exit. You can save them to a file and customize them (e.g. the
 keybindings and Popup menu)  Then point to the file via
 XENVIRONMENT or XAPPLRESDIR.
@@ -568,8 +607,8 @@ local TCP port number;
 .B %R
 remote TCP port number.
 .SH SEE ALSO
-\fBvncserver\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1),
-\fBvncconnect\fR(1), \fBssh\fR(1)
+\fBvncserver\fR(1), \fBx11vnc\fR(1), \fBssvnc\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1),
+\fBvncconnect\fR(1), \fBssh\fR(1), http://www.karlrunge.com/x11vnc, http://www.karlrunge.com/x11vnc/ssvnc.html
 .SH AUTHORS
 Original VNC was developed in AT&T Laboratories Cambridge. TightVNC
 additions was implemented by Constantin Kaplinsky. Many other people
@@ -584,3 +623,5 @@ Terran Melconian <terran@consistent.org>,
 Tim Waugh <twaugh@redhat.com>,
 .br
 Constantin Kaplinsky <const@ce.cctpu.edu.ru>
+.br
+Karl Runge <runge@karlrunge.com>
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
index 8abccf3..bcd18a8 100755
--- a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle
@@ -62,7 +62,10 @@ zip -9 -r ssvnc-$vers.zip ssvnc -x '*.zip' '*.tar.gz'
 tar cvf - --exclude='*.zip' --exclude='*.tar.gz' ssvnc | gzip -9 >  ssvnc-$vers.tar.gz
 tar cvf - --exclude='*.zip' --exclude='*.tar.gz' --exclude='*.dll' --exclude='*.exe' --exclude ssvnc/Windows/util ssvnc | gzip -9 >  ssvnc_no_windows-$vers.tar.gz
 
+echo
 ls -l ssvnc*-$vers.*
+echo
+
 
 ###########################################
 dest=./t.windows_only
@@ -84,3 +87,18 @@ rm -f $zip
 ls -l $zip
 rm -rf $dest
 
+
+sync
+echo
+for g in ssvnc*-$vers*.gz
+do
+	md5sum $g
+	gzip -t $g || (tput bel; sleep 2)
+done
+for g in ssvnc*-$vers*.zip
+do
+	md5sum $g
+done
+
+sleep 3
+echo
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch
index cf7ce30..ce0c545 100644
--- a/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch
+++ b/x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-full.patch
@@ -664,7 +664,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/Vncviewer vnc_unixsrc/vncview
 +
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/vncviewer/argsresources.c
 --- vnc_unixsrc.orig/vncviewer/argsresources.c	2007-02-04 17:10:31.000000000 -0500
-+++ vnc_unixsrc/vncviewer/argsresources.c	2008-09-06 21:48:37.000000000 -0400
++++ vnc_unixsrc/vncviewer/argsresources.c	2008-09-14 14:27:29.000000000 -0400
 @@ -31,9 +31,9 @@
  
  char *fallback_resources[] = {
@@ -1148,7 +1148,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  
  static XtResource appDataResourceList[] = {
    {"shareDesktop", "ShareDesktop", XtRBool, sizeof(Bool),
-@@ -155,14 +540,32 @@
+@@ -155,14 +540,38 @@
    {"userLogin", "UserLogin", XtRString, sizeof(String),
     XtOffsetOf(AppData, userLogin), XtRImmediate, (XtPointer) 0},
  
@@ -1158,6 +1158,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 +  {"repeaterUltra", "RepeaterUltra", XtRString, sizeof(String),
 +   XtOffsetOf(AppData, repeaterUltra), XtRImmediate, (XtPointer) 0},
 +
++  {"ultraDSM", "UltraDSM", XtRBool, sizeof(Bool),
++   XtOffsetOf(AppData, ultraDSM), XtRImmediate, (XtPointer) False},
++
++  {"rfbVersion", "RfbVersion", XtRString, sizeof(String),
++   XtOffsetOf(AppData, rfbVersion), XtRImmediate, (XtPointer) 0},
++
    {"passwordDialog", "PasswordDialog", XtRBool, sizeof(Bool),
     XtOffsetOf(AppData, passwordDialog), XtRImmediate, (XtPointer) False},
  
@@ -1183,7 +1189,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  
    {"nColours", "NColours", XtRInt, sizeof(int),
     XtOffsetOf(AppData, nColours), XtRImmediate, (XtPointer) 256},
-@@ -179,9 +582,12 @@
+@@ -179,9 +588,12 @@
    {"requestedDepth", "RequestedDepth", XtRInt, sizeof(int),
     XtOffsetOf(AppData, requestedDepth), XtRImmediate, (XtPointer) 0},
  
@@ -1197,7 +1203,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
    {"wmDecorationWidth", "WmDecorationWidth", XtRInt, sizeof(int),
     XtOffsetOf(AppData, wmDecorationWidth), XtRImmediate, (XtPointer) 4},
  
-@@ -191,6 +597,9 @@
+@@ -191,6 +603,9 @@
    {"popupButtonCount", "PopupButtonCount", XtRInt, sizeof(int),
     XtOffsetOf(AppData, popupButtonCount), XtRImmediate, (XtPointer) 0},
  
@@ -1207,7 +1213,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
    {"debug", "Debug", XtRBool, sizeof(Bool),
     XtOffsetOf(AppData, debug), XtRImmediate, (XtPointer) False},
  
-@@ -206,8 +615,13 @@
+@@ -206,8 +621,13 @@
    {"bumpScrollPixels", "BumpScrollPixels", XtRInt, sizeof(int),
     XtOffsetOf(AppData, bumpScrollPixels), XtRImmediate, (XtPointer) 20},
  
@@ -1221,7 +1227,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  
    {"qualityLevel", "QualityLevel", XtRInt, sizeof(int),
     XtOffsetOf(AppData, qualityLevel), XtRImmediate, (XtPointer) 6},
-@@ -218,14 +632,55 @@
+@@ -218,14 +638,55 @@
    {"useRemoteCursor", "UseRemoteCursor", XtRBool, sizeof(Bool),
     XtOffsetOf(AppData, useRemoteCursor), XtRImmediate, (XtPointer) True},
  
@@ -1279,12 +1285,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  };
  
  
-@@ -242,8 +697,23 @@
+@@ -242,8 +703,26 @@
    {"-noraiseonbeep", "*raiseOnBeep",        XrmoptionNoArg,  "False"},
    {"-passwd",        "*passwordFile",       XrmoptionSepArg, 0},
    {"-user",          "*userLogin",          XrmoptionSepArg, 0},
 +  {"-unixpw",        "*unixPW",             XrmoptionSepArg, 0},
 +  {"-repeater",      "*repeaterUltra",      XrmoptionSepArg, 0},
++  {"-ultradsm",      "*ultraDSM",           XrmoptionNoArg,  "True"},
++  {"-rfbversion",    "*rfbVersion",         XrmoptionSepArg, 0},
    {"-encodings",     "*encodings",          XrmoptionSepArg, 0},
 -  {"-bgr233",        "*useBGR233",          XrmoptionNoArg,  "True"},
 +  {"-bgr233",        "*useBGR233",          XrmoptionNoArg,  "256"},
@@ -1297,6 +1305,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 +  {"-grey",          "*useGreyScale",       XrmoptionNoArg,  "True"},
 +  {"-gray",          "*useGreyScale",       XrmoptionNoArg,  "True"},
 +  {"-sbwidth",       "*sbwidth",            XrmoptionSepArg, 0},
++  {"-env",           "*envDummy",           XrmoptionSepArg, 0},
 +  {"-ycrop",         "*yCrop",              XrmoptionSepArg, 0},
 +  {"-sbwidth",       "*sbwidth",            XrmoptionSepArg, 0},
 +  {"-rawlocal",      "*useRawLocal",        XrmoptionNoArg,  "True"},
@@ -1304,7 +1313,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
    {"-owncmap",       "*forceOwnCmap",       XrmoptionNoArg,  "True"},
    {"-truecolor",     "*forceTrueColour",    XrmoptionNoArg,  "True"},
    {"-truecolour",    "*forceTrueColour",    XrmoptionNoArg,  "True"},
-@@ -253,7 +723,19 @@
+@@ -253,7 +732,19 @@
    {"-nojpeg",        "*enableJPEG",         XrmoptionNoArg,  "False"},
    {"-nocursorshape", "*useRemoteCursor",    XrmoptionNoArg,  "False"},
    {"-x11cursor",     "*useX11Cursor",       XrmoptionNoArg,  "True"},
@@ -1325,7 +1334,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  
  };
  
-@@ -268,15 +750,77 @@
+@@ -268,15 +759,77 @@
      {"SendRFBEvent", SendRFBEvent},
      {"ShowPopup", ShowPopup},
      {"HidePopup", HidePopup},
@@ -1403,7 +1412,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  };
  
  
-@@ -302,11 +846,13 @@
+@@ -302,11 +855,13 @@
  void
  usage(void)
  {
@@ -1419,7 +1428,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  	  "       %s [<OPTIONS>] -listen [<DISPLAY#>]\n"
  	  "       %s -help\n"
  	  "\n"
-@@ -332,10 +878,185 @@
+@@ -332,10 +887,209 @@
  	  "        -autopass\n"
  	  "\n"
  	  "Option names may be abbreviated, e.g. -bgr instead of -bgr233.\n"
@@ -1438,7 +1447,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 +	  "\n"
 +	  "   Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1\n"
 +	  "         to allow more than one incoming VNC server at a time.\n"
-+	  "         This is the same as -multilisten described below.\n"
++	  "         This is the same as -multilisten described below.  Set\n"
++	  "         SSVNC_MULTIPLE_LISTEN=MAX:n to allow no more than \"n\"\n"
++	  "         simultaneous reverse connections.\n"
 +	  "\n"
 +	  "   Note: If the host:port is specified as \"exec=command args...\"\n"
 +	  "         then instead of making a TCP/IP socket connection to the\n"
@@ -1451,12 +1462,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 +	  "   Note: If the host:port contains a '/' it is interpreted as a\n"
 +	  "         unix-domain socket (AF_LOCAL insead of AF_INET)\n"
 +	  "\n"
-+	  "        -multilisten  As in -listen (reverse connection listening)\n"
-+	  "                    except allow more than one incoming VNC server to\n"
-+	  "                    be connected at a time.  The default of only one\n"
-+	  "                    at a time tries to play it safe by not allowing\n"
-+	  "                    anyone on the network to put (many) desktops on\n"
-+	  "                    your screen during a long window of time.\n"
++	  "        -multilisten  As in -listen (reverse connection listening) except\n"
++	  "                    allow more than one incoming VNC server to be connected\n"
++	  "                    at a time.  The default for -listen of only one at a\n"
++	  "                    time tries to play it safe by not allowing anyone on\n"
++	  "                    the network to put (many) desktops on your screen over\n"
++	  "                    a long window of time. Use -multilisten for no limit.\n"
 +	  "\n"
 +	  "        -use64      In -bgr233 mode, use 64 colors instead of 256.\n"
 +	  "        -bgr222     Same as -use64.\n"
@@ -1555,9 +1566,31 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 +	  "                    server, e.g. 12.34.56.78:0 or snoopy.com:1.  Note that when\n"  
 +	  "                    using -repeater, the host:dpy on the cmdline is the repeater\n"  
 +	  "                    server, NOT the VNC server.  The repeater will connect you.\n"  
++	  "\n"
 +	  "                    Example: vncviewer ... -repeater ID:3333 repeat.host:5900\n"  
 +	  "                    Example: vncviewer ... -repeater vhost:0 repeat.host:5900\n"  
 +	  "\n"
++	  "                    Use, e.g., '-repeater SCIII=ID:3210' if the repeater is a\n"
++	  "                    Single Click III (SSL) repeater (repeater_SSL.exe) and you\n"
++	  "                    are passing the SSL part of the connection through stunnel,\n"
++	  "                    socat, etc. This way the magic UltraVNC string 'testB'\n"
++          "                    needed to work with the repeater is sent to it.\n"
++	  "\n"
++	  "     -rfbversion str Set the advertised RFB version.  E.g.: -rfbversion 3.6\n"
++	  "                    For some servers, e.g. UltraVNC this needs to be done.\n"
++	  "\n"
++	  "     -ultradsm      UltraVNC has symmetric private key encryption DSM plugins:\n"  
++	  "                    http://www.uvnc.com/features/encryption.html. It is assumed\n"  
++	  "                    you are using a unix program (e.g. our ultravnc_dsm_helper)\n"  
++	  "                    to encrypt and decrypt the UltraVNC DSM stream. IN ADDITION\n"  
++	  "                    TO THAT supply -ultradsm to tell THIS viewer to modify the\n"  
++	  "                    RFB data sent so as to work with the UltraVNC Server. For\n"  
++	  "                    some reason, each RFB msg type must be sent twice under DSM.\n"  
++	  "\n"
++	  "     -env VAR=VALUE To save writing a shell script to set environment variables,\n"
++	  "                    specify as many as you need on the command line.  For\n"
++	  "                    example, -env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi\n"
++	  "\n"
 +	  "     -printres      Print out the Ssvnc X resources (appdefaults) and then exit\n"  
 +	  "                    You can save them to a file and customize them (e.g. the\n"  
 +	  "                    keybindings and Popup menu)  Then point to the file via\n"  
@@ -1607,7 +1640,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  
  
  /*
-@@ -350,6 +1071,7 @@
+@@ -350,6 +1104,7 @@
    int i;
    char *vncServerName, *colonPos;
    int len, portOffset;
@@ -1615,7 +1648,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
  
    /* Turn app resource specs into our appData structure for the rest of the
       program to use */
-@@ -357,6 +1079,23 @@
+@@ -357,6 +1112,29 @@
    XtGetApplicationResources(toplevel, &appData, appDataResourceList,
  			    XtNumber(appDataResourceList), 0, 0);
  
@@ -1634,12 +1667,18 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
 +			appData.yCrop = n;
 +		}
 +	}
++	if (getenv("VNCVIEWER_ULTRADSM")) {
++		appData.ultraDSM = True;
++	}
++	if (getenv("SSVNC_ULTRA_DSM") && strcmp(getenv("SSVNC_ULTRA_DSM"), "")) {
++		appData.ultraDSM = True;
++	}
 +
 +
    /* Add our actions to the actions table so they can be used in widget
       resource specs */
  
-@@ -376,6 +1115,10 @@
+@@ -376,6 +1154,10 @@
      return;
    }
  
@@ -1650,20 +1689,32 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/argsresources.c vnc_unixsrc/v
    if (argc == 1) {
      vncServerName = DoServerDialog();
      appData.passwordDialog = True;
-@@ -396,7 +1139,11 @@
+@@ -390,13 +1172,23 @@
+       usage();
+   }
+ 
++
+   if (strlen(vncServerName) > 255) {
+     fprintf(stderr,"VNC server name too long\n");
+     exit(1);
    }
  
    colonPos = strchr(vncServerName, ':');
 -  if (colonPos == NULL) {
 +  if (strstr(vncServerName, "exec=") == vncServerName) {
 +    /* special exec-external-command case */
-+    strcpy(vncServerHost, vncServerName);
-+    vncServerPort = SERVER_PORT_OFFSET;
++	strcpy(vncServerHost, vncServerName);
++	vncServerPort = SERVER_PORT_OFFSET;
++	if (! appData.ultraDSM) {
++		if (strstr(vncServerName, "ultravnc_dsm_helper")) {
++			appData.ultraDSM = True;
++		}
++	}
 +  } else if (colonPos == NULL) {
      /* No colon -- use default port number */
      strcpy(vncServerHost, vncServerName);
      vncServerPort = SERVER_PORT_OFFSET;
-@@ -414,6 +1161,13 @@
+@@ -414,6 +1206,13 @@
      if (!len || strspn(colonPos + 1, "0123456789") != len) {
        usage();
      }
@@ -4369,7 +4420,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/hextile.c vnc_unixsrc/vncview
 +#undef FillRectangle
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewer/listen.c
 --- vnc_unixsrc.orig/vncviewer/listen.c	2001-01-16 03:07:57.000000000 -0500
-+++ vnc_unixsrc/vncviewer/listen.c	2008-09-06 18:17:58.000000000 -0400
++++ vnc_unixsrc/vncviewer/listen.c	2008-09-07 11:23:30.000000000 -0400
 @@ -58,6 +58,8 @@
    int n;
    int i;
@@ -4447,7 +4498,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
      if (FD_ISSET(flashSocket, &fds)) {
  
        sock = AcceptTcpConnection(flashSocket);
-@@ -151,11 +181,35 @@
+@@ -151,11 +181,48 @@
        }
        close(sock);
      }
@@ -4463,7 +4514,20 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
 +	rfbsock = AcceptTcpConnection(listenSocket);
 +
 +	if (sml != NULL) {
-+		if (strcmp(sml, "") && strcmp(sml, "0")) {
++		if (strstr(sml, "MAX:") == sml || strstr(sml, "max:") == sml) {
++			char *q = strchr(sml, ':');
++			int maxc = atoi(q+1);
++			if (maxc == 0 && strcmp(q+1, "0")) {
++				maxc = -99;
++			}
++			if (maxc < 0) {
++				fprintf(stderr, "invalid SSVNC_MULTIPLE_LISTEN=MAX:n, %s, must be 0 or positive, using 1\n", sml); 
++			} else if (maxc == 0) {
++				multi_ok = 1;
++			} else if (children < maxc) {
++				multi_ok = 1;
++			}
++		} else if (strcmp(sml, "") && strcmp(sml, "0")) {
 +			multi_ok = 1;
 +		}
 +	}
@@ -4486,7 +4550,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  
        XCloseDisplay(d);
  
-@@ -175,6 +229,7 @@
+@@ -175,6 +242,7 @@
  
        default:
  	/* parent - go round and listen again */
@@ -4494,7 +4558,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/listen.c vnc_unixsrc/vncviewe
  	close(rfbsock); 
  	if (!(d = XOpenDisplay(displayname))) {
  	  fprintf(stderr,"%s: unable to open display %s\n",
-@@ -182,6 +237,10 @@
+@@ -182,6 +250,10 @@
  	  exit(1);
  	}
  	getFlashFont(d);
@@ -4518,7 +4582,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/misc.c vnc_unixsrc/vncviewer/
  static int
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer/popup.c
 --- vnc_unixsrc.orig/vncviewer/popup.c	2000-06-11 08:00:53.000000000 -0400
-+++ vnc_unixsrc/vncviewer/popup.c	2008-09-05 21:59:15.000000000 -0400
++++ vnc_unixsrc/vncviewer/popup.c	2008-09-14 10:34:39.000000000 -0400
 @@ -25,15 +25,44 @@
  
  #include <X11/Xaw/Form.h>
@@ -4566,7 +4630,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
    XSetWMProtocols(dpy, XtWindow(popup), &wmDeleteWindow, 1);
  }
  
-@@ -52,42 +81,453 @@
+@@ -52,42 +81,464 @@
  };
  
  void
@@ -4818,11 +4882,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +void ShowFile(Widget w, XEvent *event, String *params, Cardinal *num_params) {
 +	int i, port0 = 7200, port, sock = -1;
 +	char *cmd, *jar;
-+	char fmt[] = "java -cp '%s' VncViewer HOST localhost PORT %d delayAuthPanel yes ignoreMSLogonCheck yes disableSSL yes ftpOnly yes graftFtp yes &";
++	char fmt[] = "java -cp '%s' VncViewer HOST localhost PORT %d delayAuthPanel yes ignoreMSLogonCheck yes disableSSL yes ftpOnly yes graftFtp yes dsmActive no  &";
 +
 +	if (getenv("SSVNC_ULTRA_FTP_JAR")) {
 +		jar = getenv("SSVNC_ULTRA_FTP_JAR");
-+		cmd = (char *) malloc(strlen(fmt) + strlen(jar) + 10);
++		cmd = (char *) malloc(strlen(fmt) + strlen(jar) + 100);
 +	} else {
 +		fprintf(stderr, "Cannot find UltraVNC FTP jar file.\n");
 +		return;
@@ -4848,6 +4912,17 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup.c vnc_unixsrc/vncviewer
 +		} else if (pid == 0) {
 +			int i;
 +			sprintf(cmd, fmt, jar, port);
++			if (appData.ultraDSM) {
++				char *q = strstr(cmd, "dsmActive");
++				if (q) {
++					q = strstr(q, "no ");
++					if (q) {
++						q[0] = 'y';
++						q[1] = 'e';
++						q[2] = 's';
++					}
++				}
++			}
 +			for (i = 3; i < 100; i++) {
 +				close(i);
 +			}
@@ -5063,7 +5138,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/popup_ad vnc_unixsrc/vncviewe
 +}
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncviewer/rfbproto.c
 --- vnc_unixsrc.orig/vncviewer/rfbproto.c	2008-09-05 19:51:24.000000000 -0400
-+++ vnc_unixsrc/vncviewer/rfbproto.c	2008-09-05 21:51:53.000000000 -0400
++++ vnc_unixsrc/vncviewer/rfbproto.c	2008-09-13 18:00:27.000000000 -0400
 @@ -23,6 +23,7 @@
   * rfbproto.c - functions to deal with client side of RFB protocol.
   */
@@ -5117,18 +5192,19 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  static void ReadConnFailedReason(void);
  static long ReadCompactLen (void);
  
-@@ -68,6 +107,10 @@
+@@ -67,6 +106,11 @@
+ static void JpegSetSrcManager(j_decompress_ptr cinfo, CARD8 *compressedData,
                                int compressedLen);
  
- 
++extern int currentMsg;
++
 +int sent_FBU = 0;
 +int skip_XtUpdate = 0;
 +int skip_XtUpdateAll = 0;
-+
+ 
  int rfbsock;
  char *desktopName;
- rfbPixelFormat myFormat;
-@@ -177,6 +220,9 @@
+@@ -177,6 +221,9 @@
  	  sig_rfbEncodingPointerPos, "Pointer position update");
    CapsAdd(encodingCaps, rfbEncodingLastRect, rfbTightVncVendor,
  	  sig_rfbEncodingLastRect, "LastRect protocol extension");
@@ -5138,7 +5214,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -187,21 +233,104 @@
+@@ -187,21 +234,104 @@
  Bool
  ConnectToRFBServer(const char *hostname, int port)
  {
@@ -5256,7 +5332,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -212,211 +341,299 @@
+@@ -212,211 +342,301 @@
  Bool
  InitialiseRFBConnection(void)
  {
@@ -5385,7 +5461,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
 -  if (!WriteExact(rfbsock, pv, sz_rfbProtocolVersionMsg))
 -    return False;
-+	if (server_major == 3 && (server_minor == 14 || server_minor == 16)) {
++	if (appData.rfbVersion != NULL && sscanf(appData.rfbVersion, "%d.%d", &viewer_major, &viewer_minor) == 2) {
++		fprintf(stderr,"Setting RFB version to %d.%d from -rfbversion.\n", viewer_major, viewer_minor);
++	} else if (server_major == 3 && (server_minor == 14 || server_minor == 16)) {
 +		/* hack for UltraVNC Single Click. They misuse rfb proto version */
 +		fprintf(stderr,"Setting RFB version to 3.3 for UltraVNC Single Click.\n");
 +		viewer_minor = rfbProtocolFallbackMinorVersion;
@@ -5697,21 +5775,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			break;
 +		}
 +	}
++
++	free(secTypes);
  
 -  if (secType == rfbSecTypeInvalid)
 -    fprintf(stderr, "Server did not offer supported security type\n");
-+	free(secTypes);
- 
--  return (int)secType;
 +	if (secType == rfbSecTypeInvalid) {
 +		fprintf(stderr, "Server did not offer supported security type\n");
 +	}
-+
+ 
+-  return (int)secType;
 +	return (int)secType;
  }
  
  
-@@ -451,6 +668,9 @@
+@@ -451,6 +671,9 @@
    return True;
  }
  
@@ -5721,7 +5799,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  /*
   * Negotiate authentication scheme (protocol version 3.7t)
-@@ -459,56 +679,61 @@
+@@ -459,56 +682,61 @@
  static Bool
  PerformAuthenticationTight(void)
  {
@@ -5825,7 +5903,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -519,80 +744,97 @@
+@@ -519,80 +747,97 @@
  static Bool
  AuthenticateVNC(void)
  {
@@ -5986,7 +6064,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  /*
-@@ -602,68 +844,71 @@
+@@ -602,68 +847,71 @@
  static Bool
  AuthenticateUnixLogin(void)
  {
@@ -6110,7 +6188,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -675,19 +920,20 @@
+@@ -675,19 +923,20 @@
  static Bool
  ReadInteractionCaps(void)
  {
@@ -6143,7 +6221,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -700,17 +946,18 @@
+@@ -700,17 +949,18 @@
  static Bool
  ReadCapabilityList(CapsContainer *caps, int count)
  {
@@ -6171,26 +6249,38 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -729,6 +976,10 @@
+@@ -729,6 +979,11 @@
    Bool requestCompressLevel = False;
    Bool requestQualityLevel = False;
    Bool requestLastRectEncoding = False;
 +  Bool requestNewFBSizeEncoding = True;
 +  Bool requestTextChatEncoding = True;
++  int dsm = 0;
 +
 +//  fprintf(stderr, "SetFormatAndEncodings: sent_FBU state: %2d\n", sent_FBU);
  
    spf.type = rfbSetPixelFormat;
    spf.format = myFormat;
-@@ -736,6 +987,7 @@
+@@ -736,12 +991,18 @@
    spf.format.greenMax = Swap16IfLE(spf.format.greenMax);
    spf.format.blueMax = Swap16IfLE(spf.format.blueMax);
  
 +
++  currentMsg = rfbSetPixelFormat;
    if (!WriteExact(rfbsock, (char *)&spf, sz_rfbSetPixelFormatMsg))
      return False;
  
-@@ -754,6 +1006,12 @@
+   se->type = rfbSetEncodings;
+   se->nEncodings = 0;
+ 
++  if (appData.ultraDSM) {
++  	dsm = 1;
++  }
++
+   if (appData.encodingsString) {
+     char *encStr = appData.encodingsString;
+     int encStrLen;
+@@ -754,11 +1015,17 @@
  	encStrLen = strlen(encStr);
        }
  
@@ -6203,7 +6293,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
        if (strncasecmp(encStr,"raw",encStrLen) == 0) {
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRaw);
        } else if (strncasecmp(encStr,"copyrect",encStrLen) == 0) {
-@@ -775,6 +1033,20 @@
+ 	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCopyRect);
+-      } else if (strncasecmp(encStr,"tight",encStrLen) == 0) {
++      } else if (strncasecmp(encStr,"tight",encStrLen) == 0 && !dsm) {
+ 	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight);
+ 	requestLastRectEncoding = True;
+ 	if (appData.compressLevel >= 0 && appData.compressLevel <= 9)
+@@ -767,16 +1034,33 @@
+ 	  requestQualityLevel = True;
+       } else if (strncasecmp(encStr,"hextile",encStrLen) == 0) {
+ 	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingHextile);
+-      } else if (strncasecmp(encStr,"zlib",encStrLen) == 0) {
++      } else if (strncasecmp(encStr,"zlib",encStrLen) == 0 && !dsm) {
+ 	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib);
+ 	if (appData.compressLevel >= 0 && appData.compressLevel <= 9)
+ 	  requestCompressLevel = True;
+-      } else if (strncasecmp(encStr,"corre",encStrLen) == 0) {
++      } else if (strncasecmp(encStr,"corre",encStrLen) == 0 && !dsm) {
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE);
        } else if (strncasecmp(encStr,"rre",encStrLen) == 0) {
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRRE);
@@ -6223,8 +6329,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +#endif
        } else {
  	fprintf(stderr,"Unknown encoding '%.*s'\n",encStrLen,encStr);
++        if (dsm && strstr(encStr, "tight") == encStr) fprintf(stderr, "tight encoding does not yet work with ultraDSM, skipping it.\n");
++        if (dsm && strstr(encStr, "corre") == encStr) fprintf(stderr, "corre encoding does not yet work with ultraDSM, skipping it.\n");
++        if (dsm && strstr(encStr, "zlib" ) == encStr) fprintf(stderr, "zlib  encoding does not yet work with ultraDSM, skipping it.\n");
        }
-@@ -797,7 +1069,7 @@
+ 
+       encStr = nextEncStr;
+@@ -797,7 +1081,7 @@
      if (appData.useRemoteCursor) {
        if (se->nEncodings < MAX_ENCODINGS)
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingXCursor);
@@ -6233,7 +6344,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRichCursor);
        if (se->nEncodings < MAX_ENCODINGS)
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingPointerPos);
-@@ -806,10 +1078,14 @@
+@@ -806,10 +1090,14 @@
      if (se->nEncodings < MAX_ENCODINGS && requestLastRectEncoding) {
        encs[se->nEncodings++] = Swap32IfLE(rfbEncodingLastRect);
      }
@@ -6249,16 +6360,36 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  	fprintf(stderr,"Same machine: preferring raw encoding\n");
  	encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRaw);
        } else {
-@@ -819,6 +1095,8 @@
+@@ -818,13 +1106,15 @@
+     }
  
      encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCopyRect);
-     encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight);
+-    encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight);
++    if (!dsm) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingTight);
 +    encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZRLE);
 +    encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZYWRLE);
      encs[se->nEncodings++] = Swap32IfLE(rfbEncodingHextile);
-     encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib);
-     encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE);
-@@ -844,11 +1122,14 @@
+-    encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib);
+-    encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE);
++    if (!dsm) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingZlib);
++    if (!dsm) encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCoRRE);
+     encs[se->nEncodings++] = Swap32IfLE(rfbEncodingRRE);
+ 
+-    if (appData.compressLevel >= 0 && appData.compressLevel <= 9) {
++    if (!dsm && appData.compressLevel >= 0 && appData.compressLevel <= 9) {
+       encs[se->nEncodings++] = Swap32IfLE(appData.compressLevel +
+ 					  rfbEncodingCompressLevel0);
+     } else if (!tunnelSpecified) {
+@@ -835,7 +1125,7 @@
+       encs[se->nEncodings++] = Swap32IfLE(rfbEncodingCompressLevel1);
+     }
+ 
+-    if (appData.enableJPEG) {
++    if (!dsm && appData.enableJPEG) {
+       if (appData.qualityLevel < 0 || appData.qualityLevel > 9)
+ 	appData.qualityLevel = 5;
+       encs[se->nEncodings++] = Swap32IfLE(appData.qualityLevel +
+@@ -844,18 +1134,35 @@
  
      if (appData.useRemoteCursor) {
        encs[se->nEncodings++] = Swap32IfLE(rfbEncodingXCursor);
@@ -6274,7 +6405,30 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
    }
  
    len = sz_rfbSetEncodingsMsg + se->nEncodings * 4;
-@@ -868,31 +1149,109 @@
+ 
+-  se->nEncodings = Swap16IfLE(se->nEncodings);
++	if (!appData.ultraDSM) {
++		se->nEncodings = Swap16IfLE(se->nEncodings);
+ 
+-  if (!WriteExact(rfbsock, buf, len)) return False;
++		if (!WriteExact(rfbsock, buf, len)) return False;
++	} else {
++		/* for UltraVNC encryption DSM we have to send each encoding separately (why?) */
++		int i, errs = 0, nenc = se->nEncodings;
++		
++		se->nEncodings = Swap16IfLE(se->nEncodings);
++
++		currentMsg = rfbSetEncodings;
++		if (!WriteExact(rfbsock, buf, sz_rfbSetEncodingsMsg)) errs++;
++		for (i=0; i < nenc; i++) {
++			if (!WriteExact(rfbsock, (char *)&encs[i], sizeof(CARD32))) errs++;
++		}
++		if (errs) return False;
++	}
+ 
+   return True;
+ }
+@@ -868,31 +1175,110 @@
  Bool
  SendIncrementalFramebufferUpdateRequest()
  {
@@ -6282,8 +6436,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -				      si.framebufferHeight, True);
 +	return SendFramebufferUpdateRequest(0, 0, si.framebufferWidth,
 +	    si.framebufferHeight, True);
- }
- 
++}
++
 +time_t last_filexfer = 0;
 +int delay_filexfer = 3;
 +extern void CheckFileXfer(void);
@@ -6308,12 +6462,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +if (db) {
 +	ready = rfbsock_is_ready();
 +	fprintf(stderr, "rsir: %d\n", ready);
-+}
+ }
 +#endif
 +//			x = y = 0;
 +//			w = h = 1;
 +
-+
+ 
 +static int dyn = -1;
 +extern int filexfer_sock;
 +extern int filexfer_listen;
@@ -6389,6 +6543,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		sent_FBU = 2;
 +	}
 +
++	currentMsg = rfbFramebufferUpdateRequest;
 +	if (!WriteExact(rfbsock, (char *)&fur, sz_rfbFramebufferUpdateRequestMsg)) {
 +		return False;
 +	}
@@ -6397,7 +6552,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -903,19 +1262,27 @@
+@@ -903,19 +1289,28 @@
  Bool
  SendPointerEvent(int x, int y, int buttonMask)
  {
@@ -6410,11 +6565,6 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +			return True;
 +		}
 +	}
-+
-+	pe.type = rfbPointerEvent;
-+	pe.buttonMask = buttonMask;
-+	if (x < 0) x = 0;
-+	if (y < 0) y = 0;
  
 -  pe.type = rfbPointerEvent;
 -  pe.buttonMask = buttonMask;
@@ -6427,42 +6577,49 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -  pe.x = Swap16IfLE(x);
 -  pe.y = Swap16IfLE(y);
 -  return WriteExact(rfbsock, (char *)&pe, sz_rfbPointerEventMsg);
++	pe.type = rfbPointerEvent;
++	pe.buttonMask = buttonMask;
++	if (x < 0) x = 0;
++	if (y < 0) y = 0;
++
 +	if (!appData.useX11Cursor) {
 +		SoftCursorMove(x, y);
 +	}
 +
 +	pe.x = Swap16IfLE(x);
 +	pe.y = Swap16IfLE(y);
++	currentMsg = rfbPointerEvent;
 +	return WriteExact(rfbsock, (char *)&pe, sz_rfbPointerEventMsg);
  }
  
  
-@@ -926,12 +1293,19 @@
+@@ -926,12 +1321,20 @@
  Bool
  SendKeyEvent(CARD32 key, Bool down)
  {
 -  rfbKeyEventMsg ke;
 +	rfbKeyEventMsg ke;
- 
--  ke.type = rfbKeyEvent;
--  ke.down = down ? 1 : 0;
--  ke.key = Swap32IfLE(key);
--  return WriteExact(rfbsock, (char *)&ke, sz_rfbKeyEventMsg);
++
 +	if (appData.fileActive) {
 +		if (!dyn || time(NULL) < last_filexfer + delay_filexfer) {
 +			//fprintf(stderr, "skip SendPointerEvent: %d - %d\n", last_filexfer, time(NULL));
 +			return True;
 +		}
 +	}
-+
+ 
+-  ke.type = rfbKeyEvent;
+-  ke.down = down ? 1 : 0;
+-  ke.key = Swap32IfLE(key);
+-  return WriteExact(rfbsock, (char *)&ke, sz_rfbKeyEventMsg);
 +	ke.type = rfbKeyEvent;
 +	ke.down = down ? 1 : 0;
 +	ke.key = Swap32IfLE(key);
++	currentMsg = rfbKeyEvent;
 +	return WriteExact(rfbsock, (char *)&ke, sz_rfbKeyEventMsg);
  }
  
  
-@@ -942,281 +1316,818 @@
+@@ -942,281 +1345,860 @@
  Bool
  SendClientCutText(char *str, int len)
  {
@@ -6495,6 +6652,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +
 +	cct.type = rfbClientCutText;
 +	cct.length = Swap32IfLE(len);
++	currentMsg = rfbClientCutText;
 +	return  (WriteExact(rfbsock, (char *)&cct, sz_rfbClientCutTextMsg) &&
 +	    WriteExact(rfbsock, str, len));
  }
@@ -6515,6 +6673,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	ultra_scale = nfac;
 +	ssc.type = rfbSetScale;
 +	ssc.scale = nfac;
++	currentMsg = rfbSetScale;
 +	return WriteExact(rfbsock, (char *)&ssc, sz_rfbSetScaleMsg);
 +}
  
@@ -6529,6 +6688,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 -    return False;
 +	sim.type = rfbSetServerInput;
 +	sim.status = enabled;
++	currentMsg = rfbSetServerInput;
 +	return WriteExact(rfbsock, (char *)&sim, sz_rfbSetServerInputMsg);
 +}
  
@@ -6568,6 +6728,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		
 +	}
 +	sw.status = True;
++	currentMsg = rfbSetSW;
 +	return WriteExact(rfbsock, (char *)&sw, sz_rfbSetSWMsg);
 +}
  
@@ -6586,6 +6747,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +	if (!WriteExact(rfbsock, (char *)&chat, sz_rfbTextChatMsg)) {
 +		return False;
 +	}
++	currentMsg = rfbTextChat;
 +	return WriteExact(rfbsock, str, strlen(str));
 +}
  
@@ -6910,6 +7072,13 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		return False;
  	}
 -	break;
++	if (appData.ultraDSM) {
++		if (!ReadFromRFBServer((char *)&msg, 1)) {
++			return False;
++		}
++	}
++
++//fprintf(stderr, "msg.type: %d\n", msg.type);
  
 -      case rfbEncodingCopyRect:
 -      {
@@ -7121,6 +7290,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		rect.r.w = Swap16IfLE(rect.r.w);
 +		rect.r.h = Swap16IfLE(rect.r.h);
 +
++			
 +		if (rect.encoding == rfbEncodingXCursor || rect.encoding == rfbEncodingRichCursor) {
 +			if (db) fprintf(stderr, "FBU-Cur1  %.6f\n", dnow());
 +			if (!HandleCursorShape(rect.r.x, rect.r.y, rect.r.w, rect.r.h, rect.encoding)) {
@@ -7156,6 +7326,35 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
 +		}
 +		if (rdb) fprintf(stderr,"Rect: %dx%d at (%d, %d)\n", rect.r.w, rect.r.h, rect.r.x, rect.r.y);
 +
++		if (appData.ultraDSM) {
++			/*
++			 * What a huge mess the UltraVNC DSM plugin is!!!
++			 * We read and ignore their little "this much data" hint...
++			 */
++			switch (rect.encoding)
++			{
++			case rfbEncodingRaw:
++			case rfbEncodingRRE:
++			case rfbEncodingCoRRE:
++			case rfbEncodingHextile:
++			//case rfbEncodingUltra:
++//			case rfbEncodingZlib:
++			//case rfbEncodingXOR_Zlib:
++			//case rfbEncodingXORMultiColor_Zlib:
++			//case rfbEncodingXORMonoColor_Zlib:
++			//case rfbEncodingSolidColor:
++			case rfbEncodingTight:
++			case rfbEncodingZlibHex:
++			case rfbEncodingZRLE:
++			case rfbEncodingZYWRLE:
++			    {
++				CARD32 discard;
++				ReadFromRFBServer((char *)&discard, sizeof(CARD32));
++			    }
++			    break;
++			}
++		}
++
 +		if ((rect.r.x + rect.r.w > si.framebufferWidth) ||
 +		    (rect.r.y + rect.r.h > si.framebufferHeight)) {
 +			fprintf(stderr,"Rect too large: %dx%d at (%d, %d) encoding=%d\n",
@@ -7504,7 +7703,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  
  #ifdef MITSHM
      /* if using shared memory PutImage, make sure that the X server has
-@@ -1224,59 +2135,165 @@
+@@ -1224,59 +2206,165 @@
         mainly to avoid copyrect using invalid screen contents - not sure
         if we'd need it otherwise. */
  
@@ -7535,12 +7734,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
    {
 -    Window toplevelWin;
 +	Window toplevelWin;
-+
+ 
+-    XBell(dpy, 0);
 +	if (appData.useBell) {
 +		XBell(dpy, 0);
 +	}
- 
--    XBell(dpy, 0);
++
 +	if (appData.raiseOnBeep) {
 +		toplevelWin = XtWindow(toplevel);
 +		XMapRaised(dpy, toplevelWin);
@@ -7703,7 +7902,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  }
  
  
-@@ -1296,26 +2313,47 @@
+@@ -1296,26 +2384,47 @@
  #define CONCAT2(a,b) a##b
  #define CONCAT2E(a,b) CONCAT2(a,b)
  
@@ -7751,7 +7950,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  #undef BPP
  
  /*
-@@ -1358,9 +2396,9 @@
+@@ -1358,9 +2467,9 @@
  	    "  %s significant bit in each byte is leftmost on the screen.\n",
  	    (format->bigEndian ? "Most" : "Least"));
    } else {
@@ -7763,7 +7962,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/rfbproto.c vnc_unixsrc/vncvie
  	      (format->bigEndian ? "Most" : "Least"));
      }
      if (format->trueColour) {
-@@ -1462,4 +2500,3 @@
+@@ -1462,4 +2571,3 @@
  
    cinfo->src = &jpegSrcManager;
  }
@@ -7987,7 +8186,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/smake vnc_unixsrc/vncviewer/s
 +fi
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncviewer/sockets.c
 --- vnc_unixsrc.orig/vncviewer/sockets.c	2001-01-14 22:54:18.000000000 -0500
-+++ vnc_unixsrc/vncviewer/sockets.c	2008-09-03 14:33:59.000000000 -0400
++++ vnc_unixsrc/vncviewer/sockets.c	2008-09-14 10:28:56.000000000 -0400
 @@ -27,6 +27,7 @@
  #include <netinet/in.h>
  #include <netinet/tcp.h>
@@ -7996,7 +8195,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  #include <netdb.h>
  #include <fcntl.h>
  #include <assert.h>
-@@ -56,22 +57,327 @@
+@@ -56,22 +57,339 @@
   */
  
  static Bool rfbsockReady = False;
@@ -8124,7 +8323,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +		fprintf(stderr, " %d", (int) fxfer[i]);
 +	}
 +	fprintf(stderr, " ?\n");
-+}
+ }
 +				if (0 || db) fprintf(stderr, "filexfer read[%d] %d.\n", icnt, rn);
 +				if (rn < 0) {
 +					fprintf(stderr, "filexfer bad read: %d\n", errno);
@@ -8144,6 +8343,18 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +					bytes += rn;
 +					last_filexfer = time(NULL);
 +					//fprintf(stderr, "last_filexfer-2b: %d\n", last_filexfer);
++
++					if (0) {
++						/* WE TRY TO FIX THIS IN THE JAVA NOW */
++						if (appData.ultraDSM) {
++							unsigned char msg = rfbFileTransfer;
++							unsigned char hdc = (unsigned char) fxfer[0];
++							if (msg == hdc) {
++								/* cross your fingers... */
++								WriteExact(rfbsock, (char *)&msg, 1);
++							}
++						}
++					}
 +					if (!WriteExact(rfbsock, fxfer, rn)) {
 +						return;
 +					}
@@ -8210,12 +8421,12 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +	}
 +//fprintf(stderr, "Out CheckFileXfer\n");
 +	return;
- }
- 
++}
++
 +static time_t time_mark;
 +extern int delay_filexfer;
 +#include <sys/stat.h>
-+
+ 
  static void
  ProcessXtEvents()
  {
@@ -8332,10 +8543,91 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  }
  
  Bool
-@@ -191,6 +497,40 @@
-   return True;
+@@ -151,6 +469,8 @@
  }
  
+ 
++int currentMsg = -1;
++
+ /*
+  * Write an exact number of bytes, and don't return until you've sent them.
+  */
+@@ -158,37 +478,81 @@
+ Bool
+ WriteExact(int sock, char *buf, int n)
+ {
+-  fd_set fds;
+-  int i = 0;
+-  int j;
+-
+-  while (i < n) {
+-    j = write(sock, buf + i, (n - i));
+-    if (j <= 0) {
+-      if (j < 0) {
+-	if (errno == EWOULDBLOCK || errno == EAGAIN) {
+-	  FD_ZERO(&fds);
+-	  FD_SET(rfbsock,&fds);
++	fd_set fds;
++	int i = 0;
++	int j;
++
++	if (appData.ultraDSM && currentMsg >= 0) {
++		/* this is for goofy UltraVNC DSM send RFB msg char twice: */
++		unsigned char msg = (unsigned char) currentMsg;
++		currentMsg = -1;
++		if (!WriteExact(sock, (char *)&msg, sizeof(msg))) {
++			return False;
++		}
++	}
++	currentMsg = -1;
+ 
+-	  if (select(rfbsock+1, NULL, &fds, NULL, NULL) <= 0) {
+-	    fprintf(stderr,programName);
+-	    perror(": select");
+-	    return False;
+-	  }
+-	  j = 0;
+-	} else {
+-	  fprintf(stderr,programName);
+-	  perror(": write");
+-	  return False;
++	while (i < n) {
++		j = write(sock, buf + i, (n - i));
++		if (j <= 0) {
++		    if (j < 0) {
++			if (errno == EWOULDBLOCK || errno == EAGAIN) {
++				FD_ZERO(&fds);
++				FD_SET(rfbsock,&fds);
++
++				if (select(rfbsock+1, NULL, &fds, NULL, NULL) <= 0) {
++					fprintf(stderr,programName);
++					perror(": select");
++					return False;
++				}
++				j = 0;
++			} else {
++				fprintf(stderr,programName);
++				perror(": write");
++				return False;
++			}
++		    } else {
++			fprintf(stderr,"%s: write failed\n",programName);
++			return False;
++		    }
++		}
++		i += j;
+ 	}
+-      } else {
+-	fprintf(stderr,"%s: write failed\n",programName);
+-	return False;
+-      }
+-    }
+-    i += j;
+-  }
+-  return True;
++	return True;
++}
++
 +int
 +ConnectToUnixSocket(char *file) {
 +	int sock;
@@ -8368,12 +8660,10 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
 +	}
 +
 +	return sock;
-+}
-+
+ }
  
- /*
-  * ConnectToTcpAddr connects to the given TCP port.
-@@ -203,6 +543,8 @@
+ 
+@@ -203,6 +567,8 @@
    struct sockaddr_in addr;
    int one = 1;
  
@@ -8382,7 +8672,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = host;
-@@ -232,7 +574,22 @@
+@@ -232,7 +598,22 @@
    return sock;
  }
  
@@ -8405,7 +8695,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  
  /*
   * FindFreeTcpPort tries to find unused TCP port in the range
-@@ -245,6 +602,8 @@
+@@ -245,6 +626,8 @@
    int sock, port;
    struct sockaddr_in addr;
  
@@ -8414,7 +8704,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = INADDR_ANY;
  
-@@ -272,6 +631,8 @@
+@@ -272,6 +655,8 @@
   * ListenAtTcpPort starts listening at the given TCP port.
   */
  
@@ -8423,7 +8713,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/sockets.c vnc_unixsrc/vncview
  int
  ListenAtTcpPort(int port)
  {
-@@ -279,10 +640,16 @@
+@@ -279,10 +664,16 @@
    struct sockaddr_in addr;
    int one = 1;
  
@@ -8495,599 +8785,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/tunnel.c vnc_unixsrc/vncviewe
    }
  
    sprintf(lastArgv, "localhost::%d", localPort);
-diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer._man vnc_unixsrc/vncviewer/vncviewer._man
---- vnc_unixsrc.orig/vncviewer/vncviewer._man	1969-12-31 19:00:00.000000000 -0500
-+++ vnc_unixsrc/vncviewer/vncviewer._man	2008-09-02 13:31:57.000000000 -0400
-@@ -0,0 +1,586 @@
-+'\" t
-+.\" ** The above line should force tbl to be a preprocessor **
-+.\" Man page for X vncviewer
-+.\"
-+.\" Copyright (C) 1998 Marcus.Brinkmann@ruhr-uni-bochum.de
-+.\" Copyright (C) 2000,2001 Red Hat, Inc.
-+.\" Copyright (C) 2001-2003 Constantin Kaplinsky <const@ce.cctpu.edu.ru>
-+.\" Copyright (C) 2006-2008 Karl J. Runge <runge@karlrunge.com>
-+.\"
-+.\" You may distribute under the terms of the GNU General Public
-+.\" License as specified in the file LICENCE.TXT that comes with the
-+.\" TightVNC distribution.
-+.\"
-+.TH ssvncviewer 1 "August 2008" "" "SSVNC"
-+.SH NAME
-+ssvncviewer \- an X viewer client for VNC
-+.SH SYNOPSIS
-+.B ssvncviewer
-+.RI [\| options \|]
-+.RI [\| host \|][\| :display \|]
-+.br
-+.B ssvncviewer
-+.RI [\| options \|]
-+.RI [\| host \|][\| ::port \|]
-+.br
-+.B ssvncviewer
-+.RI [\| options \|]
-+.RI exec=[\| cmd+args... \|]
-+.br
-+.B ssvncviewer
-+.RI [\| options \|]
-+.RI /path/to/unix/socket
-+.br
-+.B ssvncviewer
-+.RI [\| options \|]
-+.IR \-listen
-+.RI [\| display \|]
-+.br
-+.B ssvncviewer
-+.IR \-help
-+.br
-+.SH DESCRIPTION
-+.B ssvncviewer
-+is an Xt\-based client application for the VNC (Virtual Network
-+Computing) system. It can connect to any VNC\-compatible server such
-+as \fBXvnc\fR, WinVNC, or \fBx11vnc\fR, allowing you to control desktop environment
-+of a different machine.
-+
-+ssvncviewer is an enhanced version of the tightvnc unix viewer that can
-+take advantage of features in the \fBx11vnc\fR and UltraVNC VNC servers.
-+See below for the description of these features.
-+
-+You can use F8 to display a pop\-up utility menu. Press F8 twice to
-+pass single F8 to the remote side.
-+.SH OPTIONS
-+.TP
-+\fB\-help\fR
-+Prints a short usage notice to stderr.
-+.TP
-+\fB\-listen\fR
-+Make the viewer listen on port 5500+\fIdisplay\fR for reverse
-+connections from a server. WinVNC supports reverse connections using
-+the "Add New Client" menu option, or the \-connect command line
-+option. \fBXvnc\fR requires the use of the helper program
-+\fBvncconnect\fR.
-+.TP
-+\fB\-via\fR \fIgateway\fR
-+Automatically create encrypted TCP tunnel to the \fIgateway\fR machine
-+before connection, connect to the \fIhost\fR through that tunnel
-+(TightVNC\-specific). By default, this option invokes SSH local port
-+forwarding, assuming that SSH client binary can be accessed as
-+/usr/bin/ssh. Note that when using the \fB\-via\fR option, the host
-+machine name should be specified as known to the gateway machine, e.g. 
-+"localhost" denotes the \fIgateway\fR, not the machine where vncviewer
-+was launched. See the ENVIRONMENT section below for the information on
-+configuring the \fB\-via\fR option.
-+.TP
-+\fB\-shared\fR
-+When connecting, specify that a shared connection is requested. In
-+TightVNC, this is the default mode, allowing you to share the desktop
-+with other clients already using it.
-+.TP
-+\fB\-noshared\fR
-+When connecting, specify that the session may not be shared. This
-+would either disconnect other connected clients or refuse your
-+connection, depending on the server configuration.
-+.TP
-+\fB\-viewonly\fR
-+Disable transfer of mouse and keyboard events from the client to the
-+server.
-+.TP
-+\fB\-fullscreen\fR
-+Start in full\-screen mode. Please be aware that operating in
-+full\-screen mode may confuse X window managers. Typically, such
-+conflicts cause incorrect handling of input focus or make the viewer
-+window disappear mysteriously. See the grabKeyboard setting in the
-+RESOURCES section below for a method to solve input focus problem.
-+.TP
-+\fB\-noraiseonbeep\fR
-+By default, the viewer shows and raises its window on remote beep
-+(bell) event. This option disables such behaviour
-+(TightVNC\-specific).
-+.TP
-+\fB\-user\fR \fIusername\fR
-+User name for Unix login authentication. Default is to use current
-+Unix user name. If this option was given, the viewer will prefer Unix
-+login authentication over the standard VNC authentication.
-+.TP
-+\fB\-passwd\fR \fIpasswd\-file\fR
-+File from which to get the password (as generated by the
-+\fBvncpasswd\fR(1) program). This option affects only the standard VNC
-+authentication.
-+.TP
-+\fB\-encodings\fR \fIencoding\-list\fR
-+TightVNC supports several different compression methods to encode
-+screen updates; this option specifies a set of them to use in order of
-+preference. Encodings are specified separated with spaces, and must
-+thus be enclosed in quotes if more than one is specified. Available
-+encodings, in default order for a remote connection, are "copyrect
-+tight hextile zlib corre rre raw". For a local connection (to the same
-+machine), the default order to try is "raw copyrect tight hextile zlib
-+corre rre". Raw encoding is always assumed as a last option if no
-+other encoding can be used for some reason. For more information on
-+encodings, see the section ENCODINGS below.
-+.TP
-+\fB\-bgr233\fR
-+Always use the BGR233 format to encode pixel data. This reduces
-+network traffic, but colors may be represented inaccurately. The
-+bgr233 format is an 8\-bit "true color" format, with 2 bits blue, 3
-+bits green, and 3 bits red.
-+.TP
-+\fB\-owncmap\fR
-+Try to use a PseudoColor visual and a private colormap. This allows
-+the VNC server to control the colormap.
-+.TP
-+\fB\-truecolour\fR, \fB\-truecolor\fR
-+Try to use a TrueColor visual.
-+.TP
-+\fB\-depth\fR \fIdepth\fR
-+On an X server which supports multiple TrueColor visuals of different
-+depths, attempt to use the specified one (in bits per pixel); if
-+successful, this depth will be requested from the VNC server.
-+.TP
-+\fB\-compresslevel \fIlevel\fR
-+Use specified compression \fIlevel\fR (0..9) for "tight" and "zlib"
-+encodings (TightVNC\-specific). Level 1 uses minimum of CPU time and
-+achieves weak compression ratios, while level 9 offers best
-+compression but is slow in terms of CPU time consumption on the server
-+side. Use high levels with very slow network connections, and low
-+levels when working over high\-speed LANs. It's not recommended to use
-+compression level 0, reasonable choices start from the level 1.
-+.TP
-+\fB\-quality \fIlevel\fR
-+Use the specified JPEG quality \fIlevel\fR (0..9) for the "tight"
-+encoding (TightVNC\-specific). Quality level 0 denotes bad image
-+quality but very impressive compression ratios, while level 9 offers
-+very good image quality at lower compression ratios. Note that the
-+"tight" encoder uses JPEG to encode only those screen areas that look
-+suitable for lossy compression, so quality level 0 does not always
-+mean unacceptable image quality.
-+.TP
-+\fB\-nojpeg\fR
-+Disable lossy JPEG compression in Tight encoding (TightVNC\-specific). 
-+Disabling JPEG compression is not a good idea in typical cases, as
-+that makes the Tight encoder less efficient. You might want to use
-+this option if it's absolutely necessary to achieve perfect image
-+quality (see also the \fB\-quality\fR option).
-+.TP
-+\fB\-nocursorshape\fR
-+Disable cursor shape updates, protocol extensions used to handle
-+remote cursor movements locally on the client side
-+(TightVNC\-specific). Using cursor shape updates decreases delays with
-+remote cursor movements, and can improve bandwidth usage dramatically. 
-+.TP
-+\fB\-x11cursor\fR
-+Use a real X11 cursor with X-style cursor shape updates, instead of
-+drawing the remote cursor on the framebuffer. This option also
-+disables the dot cursor, and disables cursor position updates in
-+non-fullscreen mode.
-+.TP
-+\fB\-autopass\fR
-+Read a plain-text password from stdin. This option affects only the
-+standard VNC authentication.
-+
-+.SH Enhanced TightVNC Viewer (SSVNC) OPTIONS
-+.TP
-+Enhanced TightVNC Viewer (SSVNC) web page is located at:
-+.TP
-+http://www.karlrunge.com/x11vnc/ssvnc.html
-+.TP
-+Note: ZRLE and ZYWRLE encodings are now supported.
-+.TP
-+Note: F9 is shortcut to Toggle FullScreen mode.
-+.TP
-+Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1
-+to allow more than one incoming VNC server at a time.
-+.TP
-+Note: If the host:port is specified as "exec=command args..."
-+then instead of making a TCP/IP socket connection to the
-+remote VNC server, "command args..." is executed and the
-+viewer is attached to its stdio.  This enables tunnelling
-+established via an external command, e.g. an stunnel(8)
-+that does not involve a listening socket.
-+This mode does not work for -listen reverse connections.
-+.TP
-+Note: If the host:port contains a '/' it is interpreted as a
-+unix-domain socket (AF_LOCAL insead of AF_INET)
-+.TP
-+\fB\-use64\fR
-+In \fB\-bgr233\fR mode, use 64 colors instead of 256.
-+.TP
-+\fB\-bgr222\fR
-+Same as \fB\-use64\fR.
-+.TP
-+\fB\-use8\fR
-+In \fB\-bgr233\fR mode, use 8 colors instead of 256.
-+.TP
-+\fB\-bgr111\fR
-+Same as \fB\-use8\fR.
-+.TP
-+\fB\-16bpp\fR
-+If the vnc viewer X display is depth 24 at 32bpp
-+request a 16bpp format from the VNC server to cut
-+network traffic by up to 2X, then tranlate the
-+pixels to 32bpp locally.
-+.TP
-+\fB\-bgr565\fR
-+Same as \fB\-16bpp\fR.
-+.TP
-+\fB\-grey\fR
-+Use a grey scale for the 16- and 8\fB\-bpp\fR modes.
-+.TP
-+\fB\-alpha\fR
-+Use alphablending transparency for local cursors
-+requires: x11vnc server, both client and server
-+must be 32bpp and same endianness.
-+.TP
-+\fB\-ycrop\fR n
-+Only show the top n rows of the framebuffer.  For
-+use with x11vnc \fB\-ncache\fR client caching option
-+to help "hide" the pixel cache region.
-+Use a negative value (e.g. \fB\-1\fR) for autodetection.
-+Autodetection will always take place if the remote
-+fb height is more than 2 times the width.
-+.TP
-+\fB\-sbwidth\fR n
-+Scrollbar width for x11vnc \fB\-ncache\fR mode (\fB\-ycrop\fR),
-+default is very narrow: 2 pixels, it is narrow to
-+avoid distraction in \fB\-ycrop\fR mode.
-+.TP
-+\fB\-nobell\fR
-+Disable bell.
-+.TP
-+\fB\-rawlocal\fR
-+Prefer raw encoding for localhost, default is
-+no, i.e. assumes you have a SSH tunnel instead.
-+.TP
-+\fB\-graball\fR
-+Grab the entire X server when in fullscreen mode,
-+needed by some old window managers like fvwm2.
-+.TP
-+\fB\-popupfix\fR
-+Warp the popup back to the pointer position,
-+needed by some old window managers like fvwm2.
-+.TP
-+\fB\-grabkbd\fR
-+Grab the X keyboard when in fullscreen mode,
-+needed by some window managers. Same as \fB\-grabkeyboard\fR.
-+\fB\-grabkbd\fR is the default, use \fB\-nograbkbd\fR to disable.
-+.TP
-+\fB\-bs\fR, \fB\-nobs\fR
-+Whether or not to use X server Backingstore for the
-+main viewer window.  The default is to not, mainly
-+because most Linux, etc, systems X servers disable
-+*all* Backingstore by default.  To re\fB\-enable\fR it put
-+Option "Backingstore"
-+in the Device section of /etc/X11/xorg.conf.
-+In \fB\-bs\fR mode with no X server backingstore, whenever an
-+area of the screen is re\fB\-exposed\fR it must go out to the
-+VNC server to retrieve the pixels. This is too slow.
-+In \fB\-nobs\fR mode, memory is allocated by the viewer to
-+provide its own backing of the main viewer window. This
-+actually makes some activities faster (changes in large
-+regions) but can appear to "flash" too much.
-+.TP
-+\fB\-noshm\fR
-+Disable use of MIT shared memory extension (not recommended)
-+.TP
-+\fB\-termchat\fR
-+Do the UltraVNC chat in the terminal vncviewer is in
-+instead of in an independent window.
-+.TP
-+\fB\-unixpw\fR
-+str Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a
-+string that allows many ways to enter the Unix Username
-+and Unix Password.  These characters: username, newline,
-+password, newline are sent to the VNC server after any VNC
-+authentication has taken place.  Under x11vnc they are
-+used for the \fB\-unixpw\fR login.  Other VNC servers could do
-+something similar.
-+You can also indicate "str" via the environment
-+variable SSVNC_UNIXPW.
-+Note that the Escape key is actually sent first to tell
-+x11vnc to not echo the Unix Username back to the VNC
-+viewer. Set SSVNC_UNIXPW_NOESC=1 to override this.
-+If str is ".", then you are prompted at the command line
-+for the username and password in the normal way.  If str is
-+"-" the stdin is read via getpass(3) for username@password.
-+Otherwise if str is a file, it is opened and the first line
-+read is taken as the Unix username and the 2nd as the
-+password. If str prefixed by "rm:" the file is removed
-+after reading. Otherwise, if str has a "@" character,
-+it is taken as username@password. Otherwise, the program
-+exits with an error. Got all that?
-+.TP
-+\fB-repeater\fR str  This is for use with UltraVNC repeater proxy described
-+here: http://www.uvnc.com/addons/repeater.html.  The "str"
-+is the ID string to be sent to the repeater.  E.g. ID:1234
-+It can also be the hostname and port or display of the VNC
-+server, e.g. 12.34.56.78:0 or snoopy.com:1.  Note that when
-+using -repeater, the host:dpy on the cmdline is the repeater
-+server, NOT the VNC server.  The repeater will connect you.
-+Example: vncviewer ... -repeater ID:3333 repeat.host:5900
-+Example: vncviewer ... -repeater vhost:0 repeat.host:5900
-+.TP
-+\fB\-printres\fR  Print out the Ssvnc X resources (appdefaults) and
-+then exit. You can save them to a file and customize them (e.g. the
-+keybindings and Popup menu)  Then point to the file via
-+XENVIRONMENT or XAPPLRESDIR.
-+.TP
-+\fB New Popup actions:\fR
-+
-+ ViewOnly:                ~ -viewonly
-+ Disable Bell:            ~ -nobell
-+ Cursor Shape:            ~ -nocursorshape
-+ X11 Cursor:              ~ -x11cursor
-+ Cursor Alphablend:       ~ -alpha
-+ Toggle Tight/ZRLE:       ~ -encodings ...
-+ Toggle ZRLE/ZYWRLE:      ~ -encodings zywrle...
-+ Quality Level            ~ -quality (both Tight and ZYWRLE)
-+ Compress Level           ~ -compresslevel
-+ Disable JPEG:            ~ -nojpeg  (Tight)
-+ Full Color               ~ as many colors as local screen allows.
-+ Grey scale (16 & 8-bpp)  ~ -grey, for low colors 16/8bpp modes.
-+ 16 bit color (BGR565)    ~ -16bpp / -bgr565
-+ 8  bit color (BGR233)    ~ -bgr233
-+ 256 colors               ~ -bgr233 default # of colors.
-+  64 colors               ~ -bgr222 / -use64
-+   8 colors               ~ -bgr111 / -use8
-+ Set Y Crop (y-max)       ~ -ycrop
-+ Set Scrollbar Width      ~ -sbwidth
-+
-+ UltraVNC Extensions:
-+
-+ Set 1/n Server Scale  Ultravnc ext. Scale desktop by 1/n.
-+ Text Chat             Ultravnc ext. Do Text Chat.
-+ File Transfer         Ultravnc ext. File xfer via Java helper.
-+ Single Window         Ultravnc ext. Grab a single window.
-+                       (click on the window you want).
-+ Disable Remote Input  Ultravnc ext. Try to prevent input and
-+                       viewing of monitor at physical display.
-+
-+ Note: the Ultravnc extensions only apply to servers that
-+ support them.  x11vnc/libvncserver supports some of them.
-+
-+.SH ENCODINGS
-+The server supplies information in whatever format is desired by the
-+client, in order to make the client as easy as possible to implement. 
-+If the client represents itself as able to use multiple formats, the
-+server will choose one.
-+
-+.I Pixel format
-+refers to the representation of an individual pixel. The most common
-+formats are 24 and 16 bit "true\-color" values, and 8\-bit "color map"
-+representations, where an arbitrary map converts the color number to
-+RGB values.
-+
-+.I Encoding
-+refers to how a rectangle of pixels are sent (all pixel information in
-+VNC is sent as rectangles). All rectangles come with a header giving
-+the location and size of the rectangle and an encoding type used by
-+the data which follows. These types are listed below.
-+.TP
-+.B Raw
-+The raw encoding simply sends width*height pixel values. All clients
-+are required to support this encoding type. Raw is also the fastest
-+when the server and viewer are on the same machine, as the connection
-+speed is essentially infinite and raw encoding minimizes processing
-+time.
-+.TP
-+.B CopyRect
-+The Copy Rectangle encoding is efficient when something is being
-+moved; the only data sent is the location of a rectangle from which
-+data should be copied to the current location. Copyrect could also be
-+used to efficiently transmit a repeated pattern.
-+.TP
-+.B RRE
-+The Rise\-and\-Run\-length\-Encoding is basically a 2D version of
-+run\-length encoding (RLE). In this encoding, a sequence of identical
-+pixels are compressed to a single value and repeat count. In VNC, this
-+is implemented with a background color, and then specifications of an
-+arbitrary number of subrectangles and color for each. This is an
-+efficient encoding for large blocks of constant color.
-+.TP
-+.B CoRRE
-+This is a minor variation on RRE, using a maximum of 255x255 pixel
-+rectangles. This allows for single\-byte values to be used, reducing
-+packet size. This is in general more efficient, because the savings
-+from sending 1\-byte values generally outweighs the losses from the
-+(relatively rare) cases where very large regions are painted the same
-+color.
-+.TP
-+.B Hextile
-+Here, rectangles are split up in to 16x16 tiles, which are sent in a
-+predetermined order. The data within the tiles is sent either raw or
-+as a variant on RRE. Hextile encoding is usually the best choice for
-+using in high\-speed network environments (e.g. Ethernet local\-area
-+networks).
-+.TP
-+.B Zlib
-+Zlib is a very simple encoding that uses zlib library to compress raw
-+pixel data. This encoding achieves good compression, but consumes a
-+lot of CPU time. Support for this encoding is provided for
-+compatibility with VNC servers that might not understand Tight
-+encoding which is more efficient than Zlib in nearly all real\-life
-+situations.
-+.TP
-+.B Tight
-+Like Zlib encoding, Tight encoding uses zlib library to compress the
-+pixel data, but it pre\-processes data to maximize compression ratios,
-+and to minimize CPU usage on compression. Also, JPEG compression may
-+be used to encode color\-rich screen areas (see the description of
-+\-quality and \-nojpeg options above). Tight encoding is usually the
-+best choice for low\-bandwidth network environments (e.g. slow modem
-+connections).
-+.TP
-+.B ZRLE
-+The SSVNC viewer has ported the RealVNC (www.realvnc.com) ZRLE encoding
-+to the unix tightvnc viewer.
-+.TP
-+.B ZYWRLE
-+The SSVNC viewer has ported the Hitachi lossy wavelet based ZRLE
-+encoding from http://mobile.hitachi-system.co.jp/publications/ZYWRLE/ 
-+to the unix tightvnc viewer.
-+.SH RESOURCES
-+X resources that \fBvncviewer\fR knows about, aside from the
-+normal Xt resources, are as follows:
-+.TP
-+.B shareDesktop
-+Equivalent of \fB\-shared\fR/\fB\-noshared\fR options. Default true.
-+.TP
-+.B viewOnly
-+Equivalent of \fB\-viewonly\fR option. Default false.
-+.TP
-+.B fullScreen
-+Equivalent of \fB\-fullscreen\fR option. Default false.
-+.TP
-+.B grabKeyboard
-+Grab keyboard in full-screen mode. This can help to solve problems
-+with losing keyboard focus. Default false.
-+.TP
-+.B raiseOnBeep
-+Equivalent of \fB\-noraiseonbeep\fR option, when set to false. Default
-+true.
-+.TP
-+.B passwordFile
-+Equivalent of \fB\-passwd\fR option.
-+.TP
-+.B userLogin
-+Equivalent of \fB\-user\fR option.
-+.TP
-+.B passwordDialog
-+Whether to use a dialog box to get the password (true) or get it from
-+the tty (false). Irrelevant if \fBpasswordFile\fR is set. Default
-+false.
-+.TP
-+.B encodings
-+Equivalent of \fB\-encodings\fR option.
-+.TP
-+.B compressLevel
-+Equivalent of \fB\-compresslevel\fR option (TightVNC\-specific).
-+.TP
-+.B qualityLevel
-+Equivalent of \fB\-quality\fR option (TightVNC\-specific).
-+.TP
-+.B enableJPEG
-+Equivalent of \fB\-nojpeg\fR option, when set to false. Default true.
-+.TP
-+.B useRemoteCursor
-+Equivalent of \fB\-nocursorshape\fR option, when set to false
-+(TightVNC\-specific). Default true.
-+.TP
-+.B useBGR233
-+Equivalent of \fB\-bgr233\fR option. Default false.
-+.TP
-+.B nColours
-+When using BGR233, try to allocate this many "exact" colors from the
-+BGR233 color cube. When using a shared colormap, setting this resource
-+lower leaves more colors for other X clients. Irrelevant when using
-+truecolor. Default is 256 (i.e. all of them).
-+.TP
-+.B useSharedColours
-+If the number of "exact" BGR233 colors successfully allocated is less
-+than 256 then the rest are filled in using the "nearest" colors
-+available. This resource says whether to only use the "exact" BGR233
-+colors for this purpose, or whether to use other clients' "shared"
-+colors as well. Default true (i.e. use other clients' colors).
-+.TP
-+.B forceOwnCmap
-+Equivalent of \fB\-owncmap\fR option. Default false.
-+.TP
-+.B forceTrueColour
-+Equivalent of \fB\-truecolour\fR option. Default false.
-+.TP
-+.B requestedDepth
-+Equivalent of \fB\-depth\fR option.
-+.TP
-+.B useSharedMemory
-+Use MIT shared memory extension if on the same machine as the X
-+server. Default true.
-+.TP
-+.B wmDecorationWidth, wmDecorationHeight
-+The total width and height taken up by window manager decorations.
-+This is used to calculate the maximum size of the VNC viewer window. 
-+Default is width 4, height 24.
-+.TP
-+.B bumpScrollTime, bumpScrollPixels
-+When in full screen mode and the VNC desktop is bigger than the X
-+display, scrolling happens whenever the mouse hits the edge of the
-+screen. The maximum speed of scrolling is bumpScrollPixels pixels
-+every bumpScrollTime milliseconds. The actual speed of scrolling will
-+be slower than this, of course, depending on how fast your machine is. 
-+Default 20 pixels every 25 milliseconds.
-+.TP
-+.B popupButtonCount
-+The number of buttons in the popup window. See the README file for
-+more information on how to customize the buttons.
-+.TP
-+.B debug
-+For debugging. Default false.
-+.TP
-+.B rawDelay, copyRectDelay
-+For debugging, see the README file for details. Default 0 (off).
-+.SH ENVIRONMENT
-+When started with the \fB\-via\fR option, vncviewer reads the
-+\fBVNC_VIA_CMD\fR environment variable, expands patterns beginning
-+with the "%" character, and executes result as a command assuming that
-+it would create TCP tunnel that should be used for VNC connection. If
-+not set, this environment variable defaults to "/usr/bin/ssh -f -L
-+%L:%H:%R %G sleep 20".
-+
-+The following patterns are recognized in the \fBVNC_VIA_CMD\fR (note
-+that all the patterns %G, %H, %L and %R must be present in the command
-+template):
-+.TP
-+.B %%
-+A literal "%";
-+.TP
-+.B %G
-+gateway host name;
-+.TP
-+.B %H
-+remote VNC host name, as known to the gateway;
-+.TP
-+.B %L
-+local TCP port number;
-+.TP
-+.B %R
-+remote TCP port number.
-+.SH SEE ALSO
-+\fBvncserver\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1),
-+\fBvncconnect\fR(1), \fBssh\fR(1)
-+.SH AUTHORS
-+Original VNC was developed in AT&T Laboratories Cambridge. TightVNC
-+additions was implemented by Constantin Kaplinsky. Many other people
-+participated in development, testing and support.
-+
-+\fBMan page authors:\fR
-+.br
-+Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>,
-+.br
-+Terran Melconian <terran@consistent.org>,
-+.br
-+Tim Waugh <twaugh@redhat.com>,
-+.br
-+Constantin Kaplinsky <const@ce.cctpu.edu.ru>
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncviewer/vncviewer.c
 --- vnc_unixsrc.orig/vncviewer/vncviewer.c	2004-01-13 09:22:05.000000000 -0500
-+++ vnc_unixsrc/vncviewer/vncviewer.c	2008-09-06 16:54:58.000000000 -0400
++++ vnc_unixsrc/vncviewer/vncviewer.c	2008-09-09 00:08:07.000000000 -0400
 @@ -22,6 +22,7 @@
   */
  
@@ -9096,7 +8796,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
  
  char *programName;
  XtAppContext appContext;
-@@ -29,11 +30,168 @@
+@@ -29,11 +30,179 @@
  
  Widget toplevel;
  
@@ -9264,10 +8964,21 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 -  programName = argv[0];
 +	int i, save_sbw;
 +	programName = argv[0];
++
++	for (i = 1; i < argc; i++) {
++		if (strcmp(argv[i], "-env") == 0) {
++			if (i+1 < argc) {
++				char *estr = argv[i+1];
++				if (strchr(estr, '=')) {
++					putenv(estr);
++				}
++			}
++		}
++	}
  
    /* The -listen option is used to make us a daemon process which listens for
       incoming connections from servers, rather than actively connecting to a
-@@ -45,89 +203,1219 @@
+@@ -45,89 +214,1235 @@
       listenForIncomingConnections() returns, setting the listenSpecified
       flag. */
  
@@ -9381,13 +9092,26 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 -  if (!listenSpecified) {
 -    if (!ConnectToRFBServer(vncServerHost, vncServerPort)) exit(1);
 -  }
++	if (appData.repeaterUltra == NULL) {
++		if (getenv("SSVNC_REPEATER") != NULL) {
++			appData.repeaterUltra = strdup(getenv("SSVNC_REPEATER"));
++		}
++	}
++
 +	if (!listenSpecified) {
 +		if (!ConnectToRFBServer(vncServerHost, vncServerPort)) {
 +			exit(1);
 +		}
 +		if (appData.repeaterUltra != NULL) {
 +			char tmp[256];
++			if (strstr(appData.repeaterUltra, "SCIII=") == appData.repeaterUltra) {
++				appData.repeaterUltra = strdup(appData.repeaterUltra + strlen("SCIII="));
++				fprintf(stderr, "sending 'testB' to ultravnc SC III SSL repeater...\n");
++				WriteExact(rfbsock, "testB" , 5); 
++			}
 +			if (ReadFromRFBServer(tmp, 12)) {
++				tmp[12] = '\0';
++				fprintf(stderr, "repeater 1st proto line: '%s'\n", tmp);
 +				if (strstr(tmp, "RFB 000.000") == tmp) {
 +					int i;
 +					for (i=0; i<256; i++) {
@@ -9399,8 +9123,11 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +						}
 +						tmp[i] = appData.repeaterUltra[i];
 +					}
-+					WriteExact(rfbsock, tmp,250); 
++					fprintf(stderr, "sending '%s' to repeater...\n", tmp);
++					WriteExact(rfbsock, tmp, 250); 
 +				}
++			} else {
++				fprintf(stderr, "repeater NO proto line!\n");
 +			}
 +		}
 +	}
@@ -9596,8 +9323,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	}
 +	schedule_format_change();
 +}
- 
--  Cleanup();
++
 +/*
 + * ToggleNColors
 + */
@@ -10020,8 +9746,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		set_server_scale(n);
 +	}
 +}
- 
--  return 0;
++
 +void set_server_quality(int n) {
 +	fprintf(stderr, "set_quality: %d\n", n);
 +	if (n >= 0 && n <= 9) {
@@ -10090,7 +9815,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +	}
 +}
 +
-+
+ 
+-  Cleanup();
 +void set_ycrop(int n) {
 +	if (n >= 1) {
 +		int w = si.framebufferWidth;
@@ -10123,7 +9849,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
 +		set_ycrop(n);
 +	}
 +}
-+
+ 
+-  return 0;
 +void set_scbar(int n) {
 +	if (n >= 1) {
 +		int w = si.framebufferWidth;
@@ -10525,7 +10252,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.c vnc_unixsrc/vncvi
  }
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncviewer/vncviewer.h
 --- vnc_unixsrc.orig/vncviewer/vncviewer.h	2004-03-11 13:14:40.000000000 -0500
-+++ vnc_unixsrc/vncviewer/vncviewer.h	2008-09-02 12:21:52.000000000 -0400
++++ vnc_unixsrc/vncviewer/vncviewer.h	2008-09-13 13:54:01.000000000 -0400
 @@ -51,7 +51,7 @@
  			     (((l) & 0x0000ff00) << 8)  | \
  			     (((l) & 0x000000ff) << 24))  : (l))
@@ -10535,7 +10262,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  #define FLASH_PORT_OFFSET 5400
  #define LISTEN_PORT_OFFSET 5500
-@@ -68,51 +68,75 @@
+@@ -68,51 +68,77 @@
  /* argsresources.c */
  
  typedef struct {
@@ -10611,6 +10338,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
 +	char *userLogin;
 +	char *unixPW;
 +	char *repeaterUltra;
++	Bool ultraDSM;
++	char *rfbVersion;
 +
 +	char *passwordFile;
 +	Bool passwordDialog;
@@ -10652,7 +10381,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  extern char *fallback_resources[];
  extern char vncServerHost[];
-@@ -130,10 +154,11 @@
+@@ -130,10 +156,11 @@
  /* colour.c */
  
  extern unsigned long BGR233ToPixel[];
@@ -10665,7 +10394,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  extern void SetVisualAndCmap();
  
-@@ -157,13 +182,40 @@
+@@ -157,13 +184,40 @@
  
  extern void DesktopInitBeforeRealization();
  extern void DesktopInitAfterRealization();
@@ -10706,7 +10435,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  extern void ServerDialogDone(Widget w, XEvent *event, String *params,
  			     Cardinal *num_params);
  extern char *DoServerDialog();
-@@ -181,6 +233,11 @@
+@@ -181,6 +235,11 @@
  extern void FullScreenOn();
  extern void FullScreenOff();
  
@@ -10718,7 +10447,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  /* listen.c */
  
  extern void listenForIncomingConnections();
-@@ -207,6 +264,18 @@
+@@ -207,6 +266,18 @@
  		      Cardinal *num_params);
  extern void CreatePopup();
  
@@ -10737,7 +10466,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  /* rfbproto.c */
  
  extern int rfbsock;
-@@ -229,6 +298,15 @@
+@@ -229,6 +300,15 @@
  extern Bool SendClientCutText(char *str, int len);
  extern Bool HandleRFBServerMessage();
  
@@ -10753,7 +10482,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  extern void PrintPixelFormat(rfbPixelFormat *format);
  
  /* selection.c */
-@@ -241,8 +319,9 @@
+@@ -241,8 +321,9 @@
  
  /* shm.c */
  
@@ -10764,7 +10493,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  /* sockets.c */
  
-@@ -253,8 +332,11 @@
+@@ -253,8 +334,11 @@
  extern int FindFreeTcpPort(void);
  extern int ListenAtTcpPort(int port);
  extern int ConnectToTcpAddr(unsigned int host, int port);
@@ -10776,7 +10505,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
  
  extern int StringToIPAddr(const char *str, unsigned int *addr);
  extern Bool SameMachine(int sock);
-@@ -271,3 +353,63 @@
+@@ -271,3 +355,63 @@
  extern XtAppContext appContext;
  extern Display* dpy;
  extern Widget toplevel;
@@ -10842,7 +10571,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.h vnc_unixsrc/vncvi
 +extern void SetFileXferState(Widget w, XEvent *ev, String *params, Cardinal *num_params);
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vncviewer/vncviewer.man
 --- vnc_unixsrc.orig/vncviewer/vncviewer.man	2004-03-11 13:14:40.000000000 -0500
-+++ vnc_unixsrc/vncviewer/vncviewer.man	2008-09-02 13:31:57.000000000 -0400
++++ vnc_unixsrc/vncviewer/vncviewer.man	2008-09-14 14:32:53.000000000 -0400
 @@ -5,38 +5,51 @@
  .\" Copyright (C) 1998 Marcus.Brinkmann@ruhr-uni-bochum.de
  .\" Copyright (C) 2000,2001 Red Hat, Inc.
@@ -10903,7 +10632,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
  You can use F8 to display a pop\-up utility menu. Press F8 twice to
  pass single F8 to the remote side.
  .SH OPTIONS
-@@ -168,6 +181,188 @@
+@@ -168,6 +181,227 @@
  \fB\-autopass\fR
  Read a plain-text password from stdin. This option affects only the
  standard VNC authentication.
@@ -10920,6 +10649,9 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
 +.TP
 +Note: In -listen mode set the env var. SSVNC_MULTIPLE_LISTEN=1
 +to allow more than one incoming VNC server at a time.
++This is the same as -multilisten described below.  Set
++SSVNC_MULTIPLE_LISTEN=MAX:n to allow no more than "n"
++simultaneous reverse connections.
 +.TP
 +Note: If the host:port is specified as "exec=command args..."
 +then instead of making a TCP/IP socket connection to the
@@ -10932,6 +10664,14 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
 +Note: If the host:port contains a '/' it is interpreted as a
 +unix-domain socket (AF_LOCAL insead of AF_INET)
 +.TP
++\fB\-multilisten\fR
++As in -listen (reverse connection listening) except
++allow more than one incoming VNC server to be connected
++at a time.  The default for -listen of only one at a
++time tries to play it safe by not allowing anyone on
++the network to put (many) desktops on your screen over
++a long window of time. Use -multilisten for no limit.
++.TP
 +\fB\-use64\fR
 +In \fB\-bgr233\fR mode, use 64 colors instead of 256.
 +.TP
@@ -11016,8 +10756,8 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
 +Do the UltraVNC chat in the terminal vncviewer is in
 +instead of in an independent window.
 +.TP
-+\fB\-unixpw\fR
-+str Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a
++\fB\-unixpw\fR \fIstr\fR
++Useful for logging into x11vnc in \fB\-unixpw\fR mode. "str" is a
 +string that allows many ways to enter the Unix Username
 +and Unix Password.  These characters: username, newline,
 +password, newline are sent to the VNC server after any VNC
@@ -11039,17 +10779,45 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
 +it is taken as username@password. Otherwise, the program
 +exits with an error. Got all that?
 +.TP
-+\fB-repeater\fR str  This is for use with UltraVNC repeater proxy described
++\fB-repeater\fR \fIstr\fR
++This is for use with UltraVNC repeater proxy described
 +here: http://www.uvnc.com/addons/repeater.html.  The "str"
 +is the ID string to be sent to the repeater.  E.g. ID:1234
 +It can also be the hostname and port or display of the VNC
 +server, e.g. 12.34.56.78:0 or snoopy.com:1.  Note that when
 +using -repeater, the host:dpy on the cmdline is the repeater
 +server, NOT the VNC server.  The repeater will connect you.
++
 +Example: vncviewer ... -repeater ID:3333 repeat.host:5900
++
 +Example: vncviewer ... -repeater vhost:0 repeat.host:5900
++
++Use, e.g., '-repeater SCIII=ID:3210' if the repeater is a
++Single Click III (SSL) repeater (repeater_SSL.exe) and you
++are passing the SSL part of the connection through stunnel, socat, etc.
++This way the magic UltraVNC string 'testB' needed to work with the
++repeater is sent to it.
++.TP
++\fB-rfbversion\fR \fIstr\fR
++Set the advertised RFB version.  E.g.: -rfbversion 3.6  For some
++servers, e.g. UltraVNC this needs to be done.
++.TP
++\fB-ultradsm\fR
++UltraVNC has symmetric private encryption DSM plugins.  See
++http://www.uvnc.com/features/encryption.html.  It is assumed
++you are using a unix program (e.g. our ultravnc_dsm_helper) to
++encrypt and decrypt the UltraVNC DSM stream. IN ADDITION TO
++THAT supply -ultradsm to tell THIS viewer to modify the RFB
++data sent so as to work with the UltraVNC Server.  For some
++reason, each RFB msg type must be sent twice under DSM.
 +.TP
-+\fB\-printres\fR  Print out the Ssvnc X resources (appdefaults) and
++\fB-env\fR \fIVAR=VALUE\fR
++To save writing a shell script to set environment
++variables, specify as many as you need on the command line.  For example,
++-env SSVNC_MULTIPLE_LISTEN=MAX:5 -env EDITOR=vi
++.TP
++\fB\-printres\fR
++Print out the Ssvnc X resources (appdefaults) and
 +then exit. You can save them to a file and customize them (e.g. the
 +keybindings and Popup menu)  Then point to the file via
 +XENVIRONMENT or XAPPLRESDIR.
@@ -11092,7 +10860,7 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
  .SH ENCODINGS
  The server supplies information in whatever format is desired by the
  client, in order to make the client as easy as possible to implement. 
-@@ -238,6 +433,15 @@
+@@ -238,6 +472,15 @@
  \-quality and \-nojpeg options above). Tight encoding is usually the
  best choice for low\-bandwidth network environments (e.g. slow modem
  connections).
@@ -11108,6 +10876,23 @@ diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/vncviewer.man vnc_unixsrc/vnc
  .SH RESOURCES
  X resources that \fBvncviewer\fR knows about, aside from the
  normal Xt resources, are as follows:
+@@ -364,8 +607,8 @@
+ .B %R
+ remote TCP port number.
+ .SH SEE ALSO
+-\fBvncserver\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1),
+-\fBvncconnect\fR(1), \fBssh\fR(1)
++\fBvncserver\fR(1), \fBx11vnc\fR(1), \fBssvnc\fR(1), \fBXvnc\fR(1), \fBvncpasswd\fR(1),
++\fBvncconnect\fR(1), \fBssh\fR(1), http://www.karlrunge.com/x11vnc, http://www.karlrunge.com/x11vnc/ssvnc.html
+ .SH AUTHORS
+ Original VNC was developed in AT&T Laboratories Cambridge. TightVNC
+ additions was implemented by Constantin Kaplinsky. Many other people
+@@ -380,3 +623,5 @@
+ Tim Waugh <twaugh@redhat.com>,
+ .br
+ Constantin Kaplinsky <const@ce.cctpu.edu.ru>
++.br
++Karl Runge <runge@karlrunge.com>
 diff -Naur -X ./exclude vnc_unixsrc.orig/vncviewer/zrle.c vnc_unixsrc/vncviewer/zrle.c
 --- vnc_unixsrc.orig/vncviewer/zrle.c	2007-02-04 18:59:50.000000000 -0500
 +++ vnc_unixsrc/vncviewer/zrle.c	2008-02-17 10:34:45.000000000 -0500
diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c
index 2739e5c..2b07535 100644
--- a/x11vnc/sslhelper.c
+++ b/x11vnc/sslhelper.c
@@ -2041,6 +2041,9 @@ static int ssl_init(int s_in, int s_out) {
 	if (getenv("SSL_DEBUG")) {
 		db = atoi(getenv("SSL_DEBUG"));
 	}
+	if (getenv("SSL_INIT_TIMEOUT")) {
+		timeout = atoi(getenv("SSL_INIT_TIMEOUT"));
+	}
 	if (db) fprintf(stderr, "ssl_init: %d/%d\n", s_in, s_out);
 
 	ssl = SSL_new(ctx);
diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h
index a2d6499..3824870 100644
--- a/x11vnc/ssltools.h
+++ b/x11vnc/ssltools.h
@@ -830,6 +830,52 @@ char find_display[] =
 "	pslist=`echo \"$psout\" | awk '{print $2}'`\n"
 "fi\n"
 "\n"
+"rchk() {\n"
+"	rr=rr	\n"
+"}\n"
+"\n"
+"dL=\"-L\"\n"
+"if uname -sr | egrep 'SunOS 5\\.[5-8]' > /dev/null; then\n"
+"	dL=\"-h\"\n"
+"fi\n"
+"\n"
+"# a portable, but not absolutely safe, tmp file creator\n"
+"mytmp() {\n"
+"	tf=$1\n"
+"	if type mktemp > /dev/null 2>&1; then\n"
+"		# if we have mktemp(1), use it:\n"
+"		tf2=\"$tf.XXXXXX\"\n"
+"		tf2=`mktemp \"$tf2\"`\n"
+"		if [ \"X$tf2\" != \"X\" -a -f \"$tf2\" ]; then\n"
+"			if [ \"X$DEBUG_MKTEMP\" != \"X\" ]; then\n"
+"				echo \"mytmp-mktemp: $tf2\" 1>&2\n"
+"			fi\n"
+"			echo \"$tf2\"\n"
+"			return\n"
+"		fi\n"
+"	fi\n"
+"	# fallback to multiple cmds:\n"
+"	rm -rf \"$tf\" || exit 1\n"
+"	if [ -d \"$tf\" ]; then\n"
+"		echo \"tmp file $tf still exists as a directory.\"\n"
+"		exit 1\n"
+"	elif [ $dL \"$tf\" ]; then\n"
+"		echo \"tmp file $tf still exists as a symlink.\"\n"
+"		exit 1\n"
+"	elif [ -f \"$tf\" ]; then\n"
+"		echo \"tmp file $tf still exists.\"\n"
+"		exit 1\n"
+"	fi\n"
+"	touch \"$tf\" || exit 1\n"
+"	chmod 600 \"$tf\" || exit 1\n"
+"	rchk\n"
+"	if [ \"X$DEBUG_MKTEMP\" != \"X\" ]; then\n"
+"		echo \"mytmp-touch: $tf\" 1>&2\n"
+"	fi\n"
+"	echo \"$tf\"\n"
+"}\n"
+"\n"
+"\n"
 "# this mode is to try to grab a display manager (gdm, kdm, xdm...) display\n"
 "# when we are run as root (e.g. no one is logged in yet).  We look at the\n"
 "# -auth line in the X/Xorg commandline.\n"
@@ -845,39 +891,38 @@ char find_display[] =
 "			#\n"
 "			env XAUTHORITY=\"$xa\" xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
 "			if [ $? = 0 ]; then\n"
-"				env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
-"				if [ $? != 0 ]; then\n"
-"					y=`prdpy $da`\n"
-"					echo \"DISPLAY=$y\"\n"
-"					if [ \"X$showxauth\" != \"X\" ]; then\n"
-"						# copy the cookie:\n"
-"						cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n"
-"						tf=$HOME/.xat.$$\n"
-"						rm -f $tf\n"
-"						if [ -f $tf ]; then\n"
+"			    env XAUTHORITY=/dev/null xdpyinfo -display \"$da\" >/dev/null 2>&1\n"
+"			    if [ $? != 0 ]; then\n"
+"				y=`prdpy $da`\n"
+"				echo \"DISPLAY=$y\"\n"
+"				if [ \"X$showxauth\" != \"X\" ]; then\n"
+"					# copy the cookie:\n"
+"					cook=`xauth -f \"$xa\" list | head -n 1 | awk '{print $NF}'`\n"
+"					xtf=$HOME/.xat.$$\n"
+"					xtf=`mytmp \"$xtf\"`\n"
+"					if [ ! -f $xtf ]; then\n"
+"						xtf=/tmp/.xat.$$\n"
+"						xtf=`mytmp \"$xtf\"`\n"
+"					fi\n"
+"					if [ ! -f $xtf ]; then\n"
+"						xtf=/tmp/.xatb.$$\n"
+"						rm -f $xtf\n"
+"						if [ -f $xtf ]; then\n"
 "							exit 1\n"
 "						fi\n"
-"						touch $tf 2>/dev/null\n"
-"						chmod 600 $tf 2>/dev/null\n"
-"						if [ ! -f $tf ]; then\n"
-"							tf=/tmp/.xat.$$\n"
-"							rm -f $tf\n"
-"							if [ -f $tf ]; then\n"
-"								exit 1\n"
-"							fi\n"
-"							touch $tf 2>/dev/null\n"
-"							chmod 600 $tf 2>/dev/null\n"
-"							if [ ! -f $tf ]; then\n"
-"								exit 1\n"
-"							fi\n"
+"						touch $xtf 2>/dev/null\n"
+"						chmod 600 $xtf 2>/dev/null\n"
+"						if [ ! -f $xtf ]; then\n"
+"							exit 1\n"
 "						fi\n"
-"						xauth -f $tf add \"$da\" . $cook\n"
-"						xauth -f $tf extract - \"$da\" 2>/dev/null\n"
-"						rm -f $tf\n"
 "					fi\n"
-"					# DONE\n"
-"					exit 0\n"
+"					xauth -f $xtf add \"$da\" . $cook\n"
+"					xauth -f $xtf extract - \"$da\" 2>/dev/null\n"
+"					rm -f $xtf\n"
 "				fi\n"
+"				# DONE\n"
+"				exit 0\n"
+"			    fi\n"
 "			fi\n"
 "		fi\n"
 "	done\n"
@@ -1459,6 +1504,51 @@ char create_display[] =
 "	redir_daemon=`echo \"$redir_daemon\" | sed -e 's/^,*//'`\n"
 "}\n"
 "\n"
+"rchk() {\n"
+"	rr=rr\n"
+"}\n"
+"\n"
+"dL=\"-L\"\n"
+"if uname -sr | egrep 'SunOS 5\\.[5-8]' > /dev/null; then\n"
+"	dL=\"-h\"\n"
+"fi\n"
+"\n"
+"# a portable, but not absolutely safe, tmp file creator\n"
+"mytmp() {\n"
+"	tf=$1\n"
+"	if type mktemp > /dev/null 2>&1; then\n"
+"		# if we have mktemp(1), use it:\n"
+"		tf2=\"$tf.XXXXXX\"\n"
+"		tf2=`mktemp \"$tf2\"`\n"
+"		if [ \"X$tf2\" != \"X\" -a -f \"$tf2\" ]; then\n"
+"			if [ \"X$DEBUG_MKTEMP\" != \"X\" ]; then\n"
+"				echo \"mytmp-mktemp: $tf2\" 1>&2\n"
+"			fi\n"
+"			echo \"$tf2\"\n"
+"			return\n"
+"		fi\n"
+"	fi\n"
+"	# fallback to multiple cmds:\n"
+"	rm -rf \"$tf\" || exit 1\n"
+"	if [ -d \"$tf\" ]; then\n"
+"		echo \"tmp file $tf still exists as a directory.\"\n"
+"		exit 1\n"
+"	elif [ $dL \"$tf\" ]; then\n"
+"		echo \"tmp file $tf still exists as a symlink.\"\n"
+"		exit 1\n"
+"	elif [ -f \"$tf\" ]; then\n"
+"		echo \"tmp file $tf still exists.\"\n"
+"		exit 1\n"
+"	fi\n"
+"	touch \"$tf\" || exit 1\n"
+"	chmod 600 \"$tf\" || exit 1\n"
+"	rchk\n"
+"	if [ \"X$DEBUG_MKTEMP\" != \"X\" ]; then\n"
+"		echo \"mytmp-touch: $tf\" 1>&2\n"
+"	fi\n"
+"	echo \"$tf\"\n"
+"}\n"
+"\n"
 "server() {\n"
 "	authfile=`auth`\n"
 "	sess=`findsession`\n"
@@ -1475,10 +1565,7 @@ char create_display[] =
 "	rmf=\"/nosuch\"\n"
 "	if echo \"$sess\" | grep '[ 	]' > /dev/null; then\n"
 "		stmp=/tmp/.cd$$`random`\n"
-"		rm -f $stmp\n"
-"		if [ -f $stmp ]; then\n"
-"			exit 1\n"
-"		fi\n"
+"		stmp=`mytmp \"$stmp\"`\n"
 "		touch $stmp\n"
 "		chmod 755 $stmp || exit 1\n"
 "		echo \"#!/bin/sh\" > $stmp\n"
@@ -1490,10 +1577,7 @@ char create_display[] =
 "	fi\n"
 "	if [ \"X$have_root\" != \"X\" -a \"X$USER\" != \"Xroot\" ]; then\n"
 "		ctmp=/tmp/.xat$$`random`\n"
-"		rm -f $ctmp\n"
-"		if [ -f $ctmp ]; then\n"
-"			exit 1\n"
-"		fi\n"
+"		ctmp=`mytmp \"$ctmp\"`\n"
 "		touch $ctmp\n"
 "		chmod 644 $ctmp || exit 1\n"
 "		$have_xauth -f $authfile nextract - :$N > $ctmp\n"
@@ -1799,10 +1883,7 @@ char create_display[] =
 "		exit 1\n"
 "	fi\n"
 "	tmp=/tmp/.xas$$`random`\n"
-"	rm -f $tmp\n"
-"	if [ -f $tmp ]; then\n"
-"		exit 1\n"
-"	fi\n"
+"	tmp=`mytmp \"$tmp\"`\n"
 "	touch $tmp\n"
 "	chmod 600 $tmp || exit 1\n"
 "	if [ ! -f $tmp ]; then\n"
diff --git a/x11vnc/tkx11vnc b/x11vnc/tkx11vnc
index 6fc846e..4260d27 100755
--- a/x11vnc/tkx11vnc
+++ b/x11vnc/tkx11vnc
@@ -6275,10 +6275,17 @@ proc restart_everything {gui_mode} {
 		exit 1;
 	}
 	set tmp "/tmp/x11vnc[pid]"
-	file delete -force $tmp
-	if {[file exists $tmp]} {
-		puts stderr "failure in restart_everything."
-		exit 1;
+	append tmp [clock clicks]
+	set tmp2 ""
+	catch {set tmp2 [exec mktemp $tmp.XXXXXX 2>/dev/null]}
+	if {$tmp2 != "" && [file exists $tmp2]} {
+		set tmp $tmp2
+	} else {
+		file delete -force $tmp
+		if {[file exists $tmp]} {
+			puts stderr "failure in restart_everything."
+			exit 1;
+		}
 	}
 	set fh [open $tmp "a"]
 	if {![file owned $tmp]}  {
diff --git a/x11vnc/tkx11vnc.h b/x11vnc/tkx11vnc.h
index 7641f9f..f4b688d 100644
--- a/x11vnc/tkx11vnc.h
+++ b/x11vnc/tkx11vnc.h
@@ -6286,10 +6286,17 @@ char gui_code[] = "";
 "		exit 1;\n"
 "	}\n"
 "	set tmp \"/tmp/x11vnc[pid]\"\n"
-"	file delete -force $tmp\n"
-"	if {[file exists $tmp]} {\n"
-"		puts stderr \"failure in restart_everything.\"\n"
-"		exit 1;\n"
+"	append tmp [clock clicks]\n"
+"	set tmp2 \"\"\n"
+"	catch {set tmp2 [exec mktemp $tmp.XXXXXX 2>/dev/null]}\n"
+"	if {$tmp2 != \"\" && [file exists $tmp2]} {\n"
+"		set tmp $tmp2\n"
+"	} else {\n"
+"		file delete -force $tmp\n"
+"		if {[file exists $tmp]} {\n"
+"			puts stderr \"failure in restart_everything.\"\n"
+"			exit 1;\n"
+"		}\n"
 "	}\n"
 "	set fh [open $tmp \"a\"]\n"
 "	if {![file owned $tmp]}  {\n"
diff --git a/x11vnc/userinput.c b/x11vnc/userinput.c
index 37783d0..5ab6c2d 100644
--- a/x11vnc/userinput.c
+++ b/x11vnc/userinput.c
@@ -7656,6 +7656,10 @@ void xselectinput(Window w, unsigned long evmask, int sync) {
 	XErrorHandler   old_handler1;
 	XIOErrorHandler old_handler2;
 
+	if (macosx_console || !dpy) {
+		return;
+	}
+
 	old_handler1 = XSetErrorHandler(trap_xerror);
 	old_handler2 = XSetIOErrorHandler(trap_xioerror);
 	trapped_xerror = 0;
@@ -8812,7 +8816,7 @@ if (ncdb) fprintf(stderr, "*VIS  BS_save: 0x%lx %d %d %d\n", win, cache_list[i].
 		last_sched_bs = dnow();
 	}
 #if !NO_X11
-	if (atom_XROOTPMAP_ID == None && now > last_pixmap + 5.0) {
+	if (dpy && atom_XROOTPMAP_ID == None && now > last_pixmap + 5.0) {
 		atom_XROOTPMAP_ID = XInternAtom(dpy, "_XROOTPMAP_ID", True);
 		last_pixmap = now;
 	}
diff --git a/x11vnc/util.c b/x11vnc/util.c
index 7b59bb2..8e18781 100644
--- a/x11vnc/util.c
+++ b/x11vnc/util.c
@@ -399,8 +399,23 @@ double rnow(void) {
 }
 
 double rfac(void) {
-	double f = (double) rand();
+	double f;
+	static int first = 1;
+
+	if (first) {
+		unsigned int s;
+		if (getenv("RAND_SEED")) {
+			s = (unsigned int) atoi(getenv("RAND_SEED"));
+		} else {
+			s = (unsigned int) ((int) getpid() + 100000 * rnow());
+		}
+		srand(s);
+		first = 0;
+	}
+
+	f = (double) rand();
 	f = f / ((double) RAND_MAX);
+
 	return f;
 }
 
diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1
index 0b5c2a4..c3ba2bb 100644
--- a/x11vnc/x11vnc.1
+++ b/x11vnc/x11vnc.1
@@ -2,7 +2,7 @@
 .TH X11VNC "1" "September 2008" "x11vnc " "User Commands"
 .SH NAME
 x11vnc - allow VNC connections to real X11 displays
-         version: 0.9.4, lastmod: 2008-09-06
+         version: 0.9.4, lastmod: 2008-09-14
 .SH SYNOPSIS
 .B x11vnc
 [OPTION]...
@@ -423,6 +423,10 @@ after startup.
 .IP
 At startup sleep n seconds before proceeding (e.g. to
 allow redirs and listening clients to start up)
+.IP
+If a range is given: '-sleepin min-max', a random value
+between min and max is slept. E.g. '-sleepin 0-20' and
+\'-sleepin 10-30'.  Floats are allowed too.
 .PP
 \fB-inetd\fR
 .IP
@@ -1485,6 +1489,10 @@ talking and the connection is dropped after the default
 timeout (25s for about the first minute, 43200s later).
 Set to zero to poll forever.  Set to a negative value
 to use the builtin setting.
+.IP
+Note that this value does not apply to the *initial* ssl
+init connection.  The default timeout for that is 20sec.
+Use \fB-env\fR SSL_INIT_TIMEOUT=n to modify it.
 .PP
 \fB-sslnofail\fR
 .IP
@@ -2528,6 +2536,9 @@ identical keyboards).  Also useful in resolving cases
 where a Keysym is bound to multiple keys (e.g. "<" + ">"
 and "," + "<" keys).  Default: \fB-modtweak\fR
 .IP
+If you are having trouble with with keys and \fB-xkb\fR or
+\fB-noxkb,\fR and similar things don't help, try \fB-nomodtweak.\fR
+.IP
 On some HP-UX systems it is been noted that they have
 an odd keymapping where a single keycode will have a
 keysym, e.g. "#", up to three times.  You can check
diff --git a/x11vnc/x11vnc.c b/x11vnc/x11vnc.c
index cf7e122..2ef71dd 100644
--- a/x11vnc/x11vnc.c
+++ b/x11vnc/x11vnc.c
@@ -2293,6 +2293,38 @@ char msg2[] =
 	    && !query_cmd && !remote_cmd && !unixpw && !got_gui_pw \
 	    && ! ssl_verify && !inetd && !terminal_services_daemon)
 
+static void do_sleepin(char *sleep) {
+	int n1, n2, nt;
+	double f1, f2, ft;
+
+	if (strchr(sleep, '-')) {
+		double s = atof(strchr(sleep, '-')+1); 
+		if (sscanf(sleep, "%d-%d", &n1, &n2) == 2) {
+			if (n1 > n2) {
+				nt = n1;
+				n1 = n2;
+				n2 = nt;
+			}
+			s = n1 + rfac() * (n2 - n1);
+		} else if (sscanf(sleep, "%lf-%lf", &f1, &f2) == 2) {
+			if (f1 > f2) {
+				ft = f1;
+				f1 = f2;
+				f2 = ft;
+			}
+			s = f1 + rfac() * (f2 - f1);
+		}
+		if (getenv("DEBUG_SLEEPIN")) fprintf(stderr, "sleepin: %f secs\n", s);
+		usleep( (int) (1000*1000*s) );
+	} else {
+		n1 = atoi(sleep);
+		if (getenv("DEBUG_SLEEPIN")) fprintf(stderr, "sleepin: %d secs\n", n1);
+		if (n1 > 0) {
+			usleep(1000*1000*n1);
+		}
+	}
+}
+
 extern int dragum(void);
 
 int main(int argc, char* argv[]) {
@@ -2581,10 +2613,7 @@ int main(int argc, char* argv[]) {
 		} else if (!strcmp(arg, "-sleepin")) {
 			int n;
 			CHECK_ARGC
-			n = atoi(argv[++i]);
-			if (n > 0) {
-				usleep(1000*1000*n);
-			}
+			do_sleepin(argv[++i]);
 		} else if (!strcmp(arg, "-users")) {
 			CHECK_ARGC
 			users_list = strdup(argv[++i]);
diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c
index 896caf7..4674c2e 100644
--- a/x11vnc/x11vnc_defs.c
+++ b/x11vnc/x11vnc_defs.c
@@ -15,7 +15,7 @@ int xtrap_base_event_type = 0;
 int xdamage_base_event_type = 0;
 
 /*               date +'lastmod: %Y-%m-%d' */
-char lastmod[] = "0.9.4 lastmod: 2008-09-06";
+char lastmod[] = "0.9.4 lastmod: 2008-09-14";
 
 /* X display info */