New in the 0.9.6 x11vnc release:
x11vnc's SSL encryption is extended to support the VeNCrypt and
TLS (older; vino) SSL/TLS security type extensions to VNC.
Anonymous Diffie-Hellman key exchange (-ssl ANON) and Certificate
Revocation List support (-sslCRL) is added to the SSL
encryption mode.
The Java viewer applet can now be served up through the VNC port
(5900) in addition to the normal HTTP port (5800) via
the -http_oneport option. Previously this only worked
for SSL connections and HTTPS.
The "-rfbport PROMPT" mode presents a simple gui for the user
to select a port for the x11vnc service and a few other
settings. This enables a menu entry for naive users
that is included in x11vnc.desktop.
If x11vnc is not built with the Avahi Zeroconf library an external
helper program (avahi-publish or dns-sd on Mac OS X)
is used instead.
miscellaneous new features and changes:
The default mode for '-ssl' is now the '-ssl SAVE' mode; i.e.
the generated certificate is saved and reused in
subsequent sessions rather than being discarded.
Use '-ssl TMP' recover the old way. This change made
to for it to be more likely that the VNC Viewer can save
the accepted cert for future authentications.
The solid background color option works on the Mac OS X console.
The -reopen option enables x11vnc to try to re connect to the X
display if GDM (or other display manager) kills it just
after the user logs in.
The -dhparams option can be used to point to your own Diffie
Hellman parameters.
The -setdefer option allows tuning how quickly updates will
be sent. Default setting tuned.
The option -zeroconf is now an alias for -avahi/-mdns.
In pipeinput mode, the pipe filehandle is now closed when
x11vnc exits.
The -sshonly option turns off VeNCrypt and TLSVNC (vino) mod
leaving only the standard SSL (i.e. vncs://)
For testing, the option -rand in an alias for -rawfb rand -nopw
Minor tweaks to improve CUPS Print tunneling.
New in the 0.9.1 x11vnc release:
A new Unix username identification scheme is provided when
SSL client certificates are used to authenticate VNC
viewers. The username is extracted from the 'Subject'
section of the cert. The option is "-users sslpeer="
which, like "-users unixpw=" already does, will cause
a switch to the Unix user. This is useful for the
-find and -create options that try to find an existing
X session associated with the user or create a new one.
The UltraVNC Java Viewer has been modified to support SSL
connections. Some bugs were also fixed and some
improvements added. A patch file and a compiled jar file
(UltraViewerSSL.jar and SignedUltraViewerSSL.jar in the
classes/ssl directory) are provided in the x11vnc package.
For the -user option groups are now handled better by using
initgroups(3), or if finer control is needed one can
use: "-users user1.group1,..."
When SSL client certification is being used and external login
programs are being used the env. var. RFB_SSL_CLIENT_CERT
is set to the clients certificate. Set X11VNC_SSLPEER_CN
to use the Common Name instead of the certificate email
address to find the unix username.
miscellaneous new features and changes:
The -wait and -defer defaults were lowered from 30 to 20
milliseconds, set the values explicitly if this increases
the load too much for your liking.
In -create mode where a Xvfb session is started, mwm was added
as a session type. setpgrp(2) is used for the spawned
process if available. The XKEYBOARD extension is
enabled (+kb, but it doesn't seem to always work).
TrueColor is forced to be the default visual (recent
Xvfb seem to choose DirectColor, this is likely a bug)
One can also force creating a new Xvfb by setting the
env. var. X11VNC_FINDDISPLAY_ALWAYS_FAILS (not exactly
clear what this would be used for).
The WAITBG env. var. enables -display WAIT:... to take place in
the background.
One can specify the X11VNC_SKIP_DISPLAY env. var. for a list of
displays to exclude in the FINDDISPLAY action. This can
also be specified via nd=... as a -unixpw login option.
setsid() or setpgrp() is called for the external command spawned
by the -gone option (since it may be long lived, e.g. a
screen locker).
The script "onetimekey" utility is provided in the classes/ssl
subdirectory that allows a (very long) string representing
a Client SSL certificate to be provided by the authenticating
client, or via https cgi script (e.g. after a web login).
Some bugs were fixed in the libvncserver implementation of
UltraVNC file transfer.
New in the 0.8.4 x11vnc release:
Native Mac OS X Aqua/Quartz support. It exports the full
display (no X11 server).
This provides an alternative to OSXvnc; some activities
are faster (and see the client-side caching feature
-ncache in the 0.8.5 development version for more
speedups). http://www.karlrunge.com/x11vnc/#faq-macosx
x11vnc can act as a VNC reflector/repeater using the
"-reflect host:N" option. This is useful for large
classroom broadcasting or demos. You set up a number
of reflectors to spread the network and CPU load around
for better response. http://www.karlrunge.com/x11vnc/#faq-reflect
A new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY -unixpw ..."
that will Create a new X session (Xvfb, Xdummy, or
Xorg) for the user if it cannot find the user's X
session display via the FINDDISPLAY method. It will
be re-found upon reconnection.
This enables a simple "terminal services" mode based on
Unix username and password and where the user does not
have to memorize their VNC display number, etc.
http://www.karlrunge.com/x11vnc/#faq-userlogin
miscellaneous new features and changes:
Option "-nodpms" to avoid problems with programs like KDE's
kdesktop_lock that keep restarting the screen saver
every few seconds even with active VNC clients connected.
The "-N" option couples the VNC Display number to the X Display
number. E.g. if your X DISPLAY is :2 then the VNC display
will be :2 (i.e. using port 5902). If that port is taken
x11vnc will exit.
Wireframe copyrect detection for local user activity (e.g. someone
sitting at the physical display moving windows). You
can disable this with the "-nowireframelocal" option.
To automatically fix the common mouse motion problem on XINERAMA
(multi-headed) displays, the "-xwarppointer" option is
enabled by default when XINERAMA is active. You can
disable this with the "-noxwarppointer" option.
By default in -reflect mode "-shared" is implied (it makes sense),
use "-noshared" after the -reflect option to disable this.
The "-prog" option lets you specify the full path (argv[0]) to
the program, in case it is spawned by inetd/tcpd and
cannot determine its path. The path is needed for the
"-http" option to guess the http classes directory.
Usually not needed, but there are many options for tuning the
native Mac OS X mode: -macnodim -macnosleep -macnosaver
-macnowait -macwheel -macnoswap -macnoresize -maciconanim
-macmenu.
An option "-debug_xdamage" has been added for debugging and profiling.
Changes:
Security fix for CVE-2006-2450, remote authentication bypass
in libvncserver.
Notified by the upstream maintainer, Karl Runge via PR pkg/34050
New in the 0.8.2 x11vnc release:
================================
Support for full mouse and keyboard input into the Linux
console framebuffer /dev/fb0 in -rawfb mode
(i.e. non-X11) by using the Linux "uinput" driver.
This enables, for example, viewing and interacting
with Qt-embedded/Qtopia-Core apps on Linux-based
handhelds, etc.
Options: -rawfb cons, -pipeinput UINPUT More info:
http://www.karlrunge.com/x11vnc/#faq-qt-embedded
Extension of the display option: -display WAIT:<disp-or-cmd>
to delay x11vnc's opening of the X display
until a VNC client connects (useful built-in:
-display WAIT:cmd=FINDDISPLAY, to find a user's
display and Xauthority data).
Options -grabkbd and -grabptr have x11vnc try to grab
the X display when VNC clients are connected to
prevent a (non-malicious) user at the physical X
display from performing keyboard or mouse input.
E.g. remote help-desk support.
miscellaneous new features and changes:
-allowedcmds option to fine-tune which external commands
may be run by x11vnc, rather than shutting
them all off with -nocmds.
-env VAR=VALUE convenience option to avoid the need of
setting environment variables before starting
x11vnc.
-allinput option to enable libvncserver handleEventsEagerly
parameter (not clear it yields an improvement).
-rawfb rand fun/testing option using /dev/urandom as a fb.
-license, -copying, -warranty option.
New in the 0.8.1 x11vnc release:
================================
Improved support for webcams and TV tuners with video4linux
/dev/video: see the "-rawfb video" and "-pipeinput VID"
options. (the latter gives a simple keyboard control
of a TV tuner; see also the -freqtab option for stations).
FBPM support for hardware that provides framebuffer power
management (it needs to be disabled when vnc clients
are connected).
The -usepw option will require x11vnc to use a password of
some sort or otherwise exit immediately. Put it in
your ~/.x11vncrc so you don't forget.
The command "x11vnc -storepasswd" will prompt for a password
without echoing and save it in ~/.vnc/passwd
The X CLIPBOARD selection is managed in addition to the
X PRIMARY selection.
miscellaneous new features and changes:
Convenience option for accessing the Linux console: -rawfb cons
etc. (requires /dev/fb0 to be working).
clipboard/cut-text input can now be managed on a per-client
basis.
-capslock and -skip_lockkeys options can help make CapsLock work
better.
The Xdummy wrapper script is included in the source tree.
A mode "-gone popup" as been added.
-24to32 option to avoid 24bpp problems.
-xinerama is on by default.
<obata at lins dot jp>.
x11vnc allows one to remotely view and interact with real X displays
(i.e. a display corresponding to a physical monitor, keyboard, and
mouse) with any VNC viewer. In this way it plays the role for Unix/X11
that WinVNC plays for Windows.
joerg
obache
salo
xtraeme