Bugfix release:
* Fix connection if starttls_required and zlib are set
* S2S: fix allow_host/2 on subdomains. added hook s2s_allow_host
* MUC: Add support for serving a Unique Room Name
* MUC: Route vCard request to the occupant bare JID
* MUC: Support converting one-to-one chat to MUC
* PubSub: Receive same last published PEP items at reconnect if several resources online
* PubSub: Typo in mod_pubsub_odbc breaks Service Discovery and more
* Web: Fix memory and port leak when TLS is enabled in HTTP
* WebAdmin: report correct last activity with odbc backends
* Change captcha.sh to not depend on bash
* Generate main XML file also when exporting only a vhost
* Fix last newline in ejabberdctl result
* Guide: fix -setcookie, mod_pubsub_odbc host, content_types
Pkgsrc changes:
* Fixed documentation install
* dhcpcd logs even in quiet mode.
* Sleep for 1/100th of a second to give time for kernel to send RELEASE.
* -S option now works.
* Only warn about using CSR on bind.
* Fix detection of route deletion on Linux.
Security Enhancements and Fixes in PHP 5.2.12:
* Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the
number of file uploads per-request to 20 by default, to prevent possible
DOS via temporary file exhaustion, identified by Bogdan
Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
"session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
Stas)
* Fixed bug #49785 (insufficient input string validation of
htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Key enhancements in PHP 5.2.12 include:
* Fixed unnecessary invocation of setitimer when timeouts have been
disabled. (Arvind Srinivasan)
* Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
* Fixed crash in SQLiteDatabase::ArrayQuery() and
SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
* Fixed crash when instantiating PDORow and PDOStatement through
Reflection. (Felipe)
* Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
* Fixed bug #50207 (segmentation fault when concatenating very large strings
on 64bit linux). (Ilia)
* Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
database). (Felipe)
* Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
* Fixed bug #50005 (Throwing through Reflection modified Exception object
makes segmentation fault). (Felipe)
* Fixed bug #49174 (crash when extending PDOStatement and trying to set
queryString property). (Felipe)
* Fixed bug #49098 (mysqli segfault on error). (Rasmus)
* Over 50 other bug fixes.
New in the 0.9.9 x11vnc release:
A new option -findauth runs the FINDDISPLAY script that applies
heuristics to try to determine the correct XAUTHORITY
file. The use of '-auth guess' will use the XAUTHORITY
that -findauth reveals. This can be handy in with
the lastest GDM where the ability to store cookies in
~/.Xauthority has been removed.
If x11vnc is running as root (e.g. inetd or XDM/GDM/KDM)
the FD_XDM=1 mode will be tried if the above -findauth
or '-auth guess' command fails; it will find the
correct XAUTHORITY for the given display (this works for
XDM/GDM/KDM if the login greeter panel is up or if someone
has already logged into an X session.) You can also
set -env FD_XDM=1 to force it to be done on the first try.
The -unixpw_system_greeter option, when used in combined
unixpw and XDMCP FINDCREATEDISPLAY mode (e.g. -xdmsvc),
enables the user to press Escape to jump directly to the
XDM/GDM/KDM login greeter screen. This way the user
avoids entering his unix password twice at X session
creation time. For subseqent logins to the same session,
he uses the regular x11vnc unixpw "login:" prompt. Also,
the unixpw login panel now has a short help displayed
if the user presses 'F1' that lists the options.
The -appshare option enables simple application sharing based on
the -id/-sid mechanism. Every new toplevel window that
the application creates induces a new viewer window via
a reverse connection. The -id/-sid and -connect options
are required. Run 'x11vnc -appshare -help' for more info.
Heuristics are applied to try to determine if the X display
is currently in a Display Manager Greeter Login panel
(e.g. GDM.) If so, x11vnc's creation of any windows and
use of XFIXES are delayed.
This is to try to avoid x11vnc being killed after the user
logs in if the GDM KillInitClients=true is in effect.
So one no longer needs to set KillInitClients=false in
gdm.conf. Note that in recent GDM the KillInitClients
option has been removed.
Also delayed is the use of the XFIXES cursor fetching
functionality; this avoids an Xorg bug that causes Xorg
to crash right after the user logs in.
x11vnc now tries to be more aggressive in keeping up with VNC
client's framebuffer update requests. Some broken VNC
clients continuously spray these requests at VNC servers
(regardless of whether they have received any updates
or not.) The -extra_fbur option allows one to fine tune
the setting.
The "-display WAIT:cmd=...", -find, -create modes now work
correctly for the user-supplied login program scheme
"-unixpw_cmd ...", as long as the login program supports
running commands specified in the environment variable
"RFB_UNIXPW_CMD_RUN" as the logged-in user. The mode
"-unixpw_nis ..." has also been made more consistent.
The username option "tag=..." can be used to set FD_TAG.
The -stunnel option (like -ssl but uses stunnel as an external
helper program) now works with the -ssl "SAVE" and "TMP"
special certificate names. The -sslverify and -sslCRL
options now work correctly in -stunnel mode. Single port
HTTPS connections are also supported for this mode.
The remote control command -R can be used to instruct x11vnc
to resend its most recent copy of the Clipboard,
Primary, or Cutbuffer selections: "x11vnc -R
resend_clipboard", "x11vnc -R resend_primary", and
"x11vnc -R resend_cutbuffer".
miscellaneous new features and changes:
The fonts in the GUI (-gui) can now by set via environment
variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold'
and -env X11VNC_FONT_FIXED='Courier -14'.
The value of the -timeout option is now also used for the timing
out of reverse connections. The -timeout exit will
occur if no client has made it to normal operating state
(instead of merely trying to connect.)
One can add extra URL parameters to the HTTPS (-ssl) urls
via X11VNC_EXTRA_HTTPS_PARAMS without needing to edit
index.vnc. E.g.: -env X11VNC_EXTRA_HTTPS_PARAMS='?GET=1'
One can make the libvncserver HTTP (non-SSL) server listen on
localhost: -env X11VNC_HTTP_LISTEN_LOCALHOST=1 (this way
only the single-port VNC+HTTPS is exposed to the network.)
Warnings are printed out at startup if $DISPLAY appears to
start with "localhost:" (SSH X11 forwarding) or
"hostname:" (remote X display; will fail w/o -noshm)
The -solid option now uses the DBUS_SESSION_BUS_ADDRESS env. var
if available. The -solid option now works in xfce.
If available, the dbus_launch(1) will be used in
FINDCREATEDISPLAY for gnome sessions.
The bcx_xattach remote control command was added to facilitate
xattach and x2x desktop cursor switching. Other new
remote control commands: grab_state, ping:mystring,
grablocal, resend_cutbuffer, resend_clipboard,
resend_primary, keycode, keysym, fakebuttonevent,
ptr, sleep, get_xprop, set_xprop, wininfo, pointer_pos,
mouse_xy, noop, guess_dbus, DIRECT:query. Remote control
scripting, -query_retries, and -remote_prefix were
also added.
In -rawfb mode the X display will not be opened at all unless
the -rawfb string is prefixed with '+' or -display
was specified on the cmdline.
For multiple, separate x11vnc instances on the same X display,
one can rename the X11VNC_REMOTE, X11VNC_TICKER, and
VNC_CONNECT property names to unique ones.
The -showrfbauth option prints out the VNC rfbauth password.
The XDAMAGE mechanism is now automatically disabled for a
period of time if a game or screensaver generates too
many XDAMAGE rectangles per second. This avoids the X11
event queue from soaking up too much memory.
x11vnc does not switch on server autorepeat if any keys are
pressed down to work around a recent Xorg server and/or
gnome bug where the key will never stop repeating.
Thse list of current clients is kept more up-to-date in the
tkx11vnc gui. Bugs in the gui setpass mode have been
fixed.
Threads stability is further improved. See under the -threads
option help info about -env X11VNC_THREADS_NEW_FB_SLEEP=ms
There is an experimental workaround: "-env X11VNC_WATCH_DX_DY=1"
that tries to avoid problems with poorly constructed
menu themes that place the initial position of the mouse
cursor inside a menu item's active zone.
The crypt(3) function is now declared inside the x11vnc code on
all platforms (not just Linux). To disable this, set
CPPFLAGS='-DDO_NOT_DECLARE_CRYPT' while configuring.
(crypt is declared to avoid problems with header files.)
Error reasons are printed for -storepasswd failures.
Two scripts are added to x11vnc/misc: connect_switch and
ultravnc_repeater.pl
* Add complete Spanish basewiki translation done by Fernando Gonzalez de
Requena.
* Improve javascript onload handling.
* monotone: Deal with format change in version 0.45.
(Thanks, Richard Levitte)
* cvs: Add missing bit to Automator.
* attachment: Fix reversion in attachment sorting by age.
* Fix utf-8 problems in rename, remove, attachment, 404, sourcepage, and
goto.
Updating this leaf during the freeze for the bugfixes.
