Pkgsrc changes:
Added x11 option (enabled by default).
You can still use with FB or MacOS X native display without X11.
New in the 0.9.5 x11vnc release:
Symmetric key encryption using the RC4, AES, Blowfish, and 3DES
ciphers is supported via the -enc cipher:keyfile option.
The SSVNC unix viewer 1.0.20 and later supports these
encryption methods.
Server-side scaling can now have different scale factors along
the horizontal and vertical axes. E.g. -scale 1280x1024
(same as -geometry 1280x1024) or -scale 0.8x0.75
The -chatwindow option allows a chat window to appear on the
X console during UltraVNC chats (requires the SSVNC
viewer package.)
miscellaneous new features and changes:
The HTTP Java viewer applet jar, classes/VncViewer.jar, has
been updated with an improved implementation based on
the code used by the classes/ssl applets.
A description and instructions are now printed out when
X_ShmAttach fails if one tries to attach to a remote
$DISPLAY (i.e. $DISPLAY is on a different machine from
the machine x11vnc is running on; this often happens
with SSH X redirection, X terminal servers, etc).
The -allow option now works correctly in -ssl mode.
The -remap option now works on the MacOSX console.
New in the 0.9.4 x11vnc release:
Reverse VNC connections (-connect and -connect_or_exit options)
work in the -find and -create X session FINDCREATEDISPLAY
modes.
Reverse VNC connections (either normal or using SSL) can use a
Web Proxy, a SOCKS proxy, the UltraVNC repeater proxy,
an SSH connection, or even a CGI URL to make the outgoing
connection (-proxy option). Forward connections can
use the -ssh option to set up a reachable redirection.
Support for the ZYWRLE encoding is added, this is the RealVNC ZRLE
encoding extended to do motion video and photo regions
more efficiently by way of a Wavelet based transformation.
The session finding and creating modes (-find and -create) have
been improved to be more reliable and also provide a new
desktop types (xfce) and new service redirection options.
Support for indexed colormaps (PseudoColor) with depths other
than 8 is provided (depths 1 to 16 now work).
Java viewer applet source code is provided in the x11vnc 0.9.4
tarball so now everything can be built from source.
miscellaneous new features and changes:
To unset Caps_Lock, Num_Lock and raise all keys in the X server
use -clear_all, or by remote control 'x11vnc -R clear_all'
The -autoport option gives more control over the server port
range that probes.
The -ping option can be used to help keep idle connections alive.
The -finddpy and -listdpy utilities help to debug and configure
the -find, -create, and -display WAIT:... modes.
Some automatic detection of screen resizes are handled even if
the -xrandr option is not supplied.
The -advertise_truecolor option can workaround some VNC viewer
incompatibilities with PseudoColor.
The option '-clip xinerama0' can be used to clip to the first
Xinerama sub-screen, etc.
If a fast framebuffer read rate is detected the -wait and -defer
parameters are reduced to 10 and 15 msec, respectively.
Pasting of the selection/clipboard into remote applications
(e.g. Java) is improved.
Usage with dvorak keyboards is improved. The option -macuskbd is
available on MacOSX to use the original US keyboard code.
Via a compiler option (-DENABLE_GRABLOCAL) one can use the
-grablocal n option to filter VNC client input if someone
at the console has done mouse or keyboard input n secs ago.
The -sleepin option can now sleep a random amount of time between
min and max time delays (-sleepin min-max).
New in the 0.9.3 x11vnc release:
This release provides client-side caching to improve interactive
response. Almost no VNC viewers implement caching which is why
VNC is slow compared to other remote graphics protocols.
The x11vnc caching will work with any VNC viewer, but they will
not hide the pixmap cache region that is below the main desktop
(one must adjust the window manually). The SSVNC Unix VNC viewer,
however, automatically detects and hides the region.
To enable caching, supply "-ncache n" to x11vnc, where the
number n, e.g. 10, indicates how much memory to devote to the
caching scheme.
See http://www.karlrunge.com/x11vnc/#faq-client-caching
New in the 0.9.2 x11vnc release:
A compile-time bug is fixed for when the OpenSSL library is not
available or --without-ssl is supplied; previously the
build would fail.
One can configure x11vnc via "configure --with-system-libvncserver"
to use a system installed libvncserver library instead of
the one bundled in the release tarball.
If UltraVNC file transfer or chat is detected, then VNC clients
are "pinged" more often to prevent these side channels
from becoming serviced too infrequently.
In -unixpw mode in the username and password dialog no text will
be echoed if the first character sent is "Escape". This
enables a convenience feature in SSVNC to send the username
and password automatically.
miscellaneous new features and changes:
When building from the CVS tree --with-x11vnc must be supplied if
you want x11vnc to be built. The LibVNCServer release
tarball no longer contains the x11vnc source.
New in the 0.9.1 x11vnc release:
A new Unix username identification scheme is provided when
SSL client certificates are used to authenticate VNC
viewers. The username is extracted from the 'Subject'
section of the cert. The option is "-users sslpeer="
which, like "-users unixpw=" already does, will cause
a switch to the Unix user. This is useful for the
-find and -create options that try to find an existing
X session associated with the user or create a new one.
The UltraVNC Java Viewer has been modified to support SSL
connections. Some bugs were also fixed and some
improvements added. A patch file and a compiled jar file
(UltraViewerSSL.jar and SignedUltraViewerSSL.jar in the
classes/ssl directory) are provided in the x11vnc package.
For the -user option groups are now handled better by using
initgroups(3), or if finer control is needed one can
use: "-users user1.group1,..."
When SSL client certification is being used and external login
programs are being used the env. var. RFB_SSL_CLIENT_CERT
is set to the clients certificate. Set X11VNC_SSLPEER_CN
to use the Common Name instead of the certificate email
address to find the unix username.
miscellaneous new features and changes:
The -wait and -defer defaults were lowered from 30 to 20
milliseconds, set the values explicitly if this increases
the load too much for your liking.
In -create mode where a Xvfb session is started, mwm was added
as a session type. setpgrp(2) is used for the spawned
process if available. The XKEYBOARD extension is
enabled (+kb, but it doesn't seem to always work).
TrueColor is forced to be the default visual (recent
Xvfb seem to choose DirectColor, this is likely a bug)
One can also force creating a new Xvfb by setting the
env. var. X11VNC_FINDDISPLAY_ALWAYS_FAILS (not exactly
clear what this would be used for).
The WAITBG env. var. enables -display WAIT:... to take place in
the background.
One can specify the X11VNC_SKIP_DISPLAY env. var. for a list of
displays to exclude in the FINDDISPLAY action. This can
also be specified via nd=... as a -unixpw login option.
setsid() or setpgrp() is called for the external command spawned
by the -gone option (since it may be long lived, e.g. a
screen locker).
The script "onetimekey" utility is provided in the classes/ssl
subdirectory that allows a (very long) string representing
a Client SSL certificate to be provided by the authenticating
client, or via https cgi script (e.g. after a web login).
Some bugs were fixed in the libvncserver implementation of
UltraVNC file transfer.
New in the 0.9 x11vnc release:
VNC Service advertising via mDNS / ZeroConf / BonJour with the
Avahi client library. Enable via "-avahi".
Implementations of UltraVNC's TextChat, SingleWindow, and
ServerInput extensions (requires ultravnc viewer or ssvnc
Unix viewer). They toggle the selection of a single window
(-id), and disable (friendly) user input and viewing
(monitor blank) at the VNC server.
Short aliases "-find", "-create", "-svc", and "-xdmsvc" for
commonly used FINDCREATEDISPLAY usage modes (to find
the user's display or create one with Xvfb, etc).
Reverse VNC connections (viewer listening) now work in SSL
(-ssl) mode.
miscellaneous new features and changes:
New options to control the Monitor power state and keyboard/mouse
grabbing: -forcedpms, -clientdpms, -noserverdpms,
and -grabalways.
A simple way to emulate inetd(8) to some degree via the "-loopbg"
option.
Monitor the accuracy of XDAMAGE and apply "-noxdamage" if it is
not working well. OpenGL applications like like beryl and
MythTv have been shown to make XDAMAGE not work properly.
For Java SSL connections involving a router/firewall port
redirection, an option -httpsredir to spare the user
from needing to include PORT=NNN in the browser URL.
A -sleepin n option to delay startup by n seconds to let redirs
and listening clients to get started.
TightVNC file transfer is now off by default; enable via
-tightfilexfer
New in the 0.8.4 x11vnc release:
Native Mac OS X Aqua/Quartz support. It exports the full
display (no X11 server).
This provides an alternative to OSXvnc; some activities
are faster (and see the client-side caching feature
-ncache in the 0.8.5 development version for more
speedups). http://www.karlrunge.com/x11vnc/#faq-macosx
x11vnc can act as a VNC reflector/repeater using the
"-reflect host:N" option. This is useful for large
classroom broadcasting or demos. You set up a number
of reflectors to spread the network and CPU load around
for better response. http://www.karlrunge.com/x11vnc/#faq-reflect
A new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY -unixpw ..."
that will Create a new X session (Xvfb, Xdummy, or
Xorg) for the user if it cannot find the user's X
session display via the FINDDISPLAY method. It will
be re-found upon reconnection.
This enables a simple "terminal services" mode based on
Unix username and password and where the user does not
have to memorize their VNC display number, etc.
http://www.karlrunge.com/x11vnc/#faq-userlogin
miscellaneous new features and changes:
Option "-nodpms" to avoid problems with programs like KDE's
kdesktop_lock that keep restarting the screen saver
every few seconds even with active VNC clients connected.
The "-N" option couples the VNC Display number to the X Display
number. E.g. if your X DISPLAY is :2 then the VNC display
will be :2 (i.e. using port 5902). If that port is taken
x11vnc will exit.
Wireframe copyrect detection for local user activity (e.g. someone
sitting at the physical display moving windows). You
can disable this with the "-nowireframelocal" option.
To automatically fix the common mouse motion problem on XINERAMA
(multi-headed) displays, the "-xwarppointer" option is
enabled by default when XINERAMA is active. You can
disable this with the "-noxwarppointer" option.
By default in -reflect mode "-shared" is implied (it makes sense),
use "-noshared" after the -reflect option to disable this.
The "-prog" option lets you specify the full path (argv[0]) to
the program, in case it is spawned by inetd/tcpd and
cannot determine its path. The path is needed for the
"-http" option to guess the http classes directory.
Usually not needed, but there are many options for tuning the
native Mac OS X mode: -macnodim -macnosleep -macnosaver
-macnowait -macwheel -macnoswap -macnoresize -maciconanim
-macmenu.
An option "-debug_xdamage" has been added for debugging and profiling.
New in the 0.8.3 x11vnc release:
The -ssl option provides SSL encryption and authentication
natively via the www.openssl.org library. One can use
from a simple self-signed certificate server certificate
up to full CA and client certificate authentication schemes.
The -sslverify option allows for authenticating VNC clients via
their certificates in either -ssl or -stunnel modes.
Certificate creation and management tools are provide in the
-sslGenCert, -sslGenCA, and related options.
An SSL enabled Java applet VNC Viewer applet is provided in
classes/ssl/VncViewer.jar.
The applet may also be loaded into the web
browser via HTTPS, i.e one can use the VNC port,
e.g. https://host:5900/
See our "Enhanced TightVNC Viewer" project, for native
SSL enabled viewers.
The -unixpw option supports Unix username and password
authentication. The -ssl or -localhost and -stunnel
options (or detection of an SSH tunnel) are enforced in
this mode to prevent password sniffing.
Coupling -unixpw with -display WAIT:cmd=FINDDISPLAY provides a
way to allow a user to login with their UNIX password
and have their display connected to automatically.
Hooks are provided in the -unixpw_cmd and "-passwdfile cmd:,custom:..."
options to allow you to supply your own authentication
and password lookup programs (e.g. LDAP).
The "-ultrafilexfer" alias is provided and improved UltraVNC
filetransfer rates have been achieved.
The -rotate option enables you to rotate or reflect the screen
before exporting via VNC. This is intended for use on
handhelds and other devices where the rotation orientation
is not "natural".
miscellaneous new features and changes:
Similar to -ssl, the -stunnel option starts up a SSL tunnel server
stunnel (that must be installed separately on the system)
to allow only encrypted SSL connections from the network.
Option -sslnofail to exit immediately if there are any SSL
connection failures.
A simpler variant of -unixpw is the -unixpw_nis option that
works in environments where the encrypted passwords are
readable, e.g. NIS.
x11vnc can be configured and built to not depend on X11 libraries
"./configure --without-x" for -rawfb only operation
(e.g. embedded linux console devices).
Add -cursor_drag to change the mouse cursor during Drag and Drop, etc.
Under the "-connect_or_exit host" option x11vnc will exit
immediately unless the reverse connection to host
succeeds. The "-rfbport 0" option disables TCP listening
for connections (useful for this mode).
The "-rawfb rand" and "-rawfb none" options are useful for
testing automation scripts, etc., without requiring a
full desktop.
Reduced spewing of information at startup, use "-verbose" (also
"-v") to turn it back on for debugging.
For more information:
http://www.karlrunge.com/x11vnc/http://www.karlrunge.com/x11vnc/x11vnc_opts.html
x11vnc -help | less
Changes:
Security fix for CVE-2006-2450, remote authentication bypass
in libvncserver.
Notified by the upstream maintainer, Karl Runge via PR pkg/34050
New in the 0.8.2 x11vnc release:
================================
Support for full mouse and keyboard input into the Linux
console framebuffer /dev/fb0 in -rawfb mode
(i.e. non-X11) by using the Linux "uinput" driver.
This enables, for example, viewing and interacting
with Qt-embedded/Qtopia-Core apps on Linux-based
handhelds, etc.
Options: -rawfb cons, -pipeinput UINPUT More info:
http://www.karlrunge.com/x11vnc/#faq-qt-embedded
Extension of the display option: -display WAIT:<disp-or-cmd>
to delay x11vnc's opening of the X display
until a VNC client connects (useful built-in:
-display WAIT:cmd=FINDDISPLAY, to find a user's
display and Xauthority data).
Options -grabkbd and -grabptr have x11vnc try to grab
the X display when VNC clients are connected to
prevent a (non-malicious) user at the physical X
display from performing keyboard or mouse input.
E.g. remote help-desk support.
miscellaneous new features and changes:
-allowedcmds option to fine-tune which external commands
may be run by x11vnc, rather than shutting
them all off with -nocmds.
-env VAR=VALUE convenience option to avoid the need of
setting environment variables before starting
x11vnc.
-allinput option to enable libvncserver handleEventsEagerly
parameter (not clear it yields an improvement).
-rawfb rand fun/testing option using /dev/urandom as a fb.
-license, -copying, -warranty option.
New in the 0.8.1 x11vnc release:
================================
Improved support for webcams and TV tuners with video4linux
/dev/video: see the "-rawfb video" and "-pipeinput VID"
options. (the latter gives a simple keyboard control
of a TV tuner; see also the -freqtab option for stations).
FBPM support for hardware that provides framebuffer power
management (it needs to be disabled when vnc clients
are connected).
The -usepw option will require x11vnc to use a password of
some sort or otherwise exit immediately. Put it in
your ~/.x11vncrc so you don't forget.
The command "x11vnc -storepasswd" will prompt for a password
without echoing and save it in ~/.vnc/passwd
The X CLIPBOARD selection is managed in addition to the
X PRIMARY selection.
miscellaneous new features and changes:
Convenience option for accessing the Linux console: -rawfb cons
etc. (requires /dev/fb0 to be working).
clipboard/cut-text input can now be managed on a per-client
basis.
-capslock and -skip_lockkeys options can help make CapsLock work
better.
The Xdummy wrapper script is included in the source tree.
A mode "-gone popup" as been added.
-24to32 option to avoid 24bpp problems.
-xinerama is on by default.
New in the 0.8 x11vnc release:
TightVNC file transfer support is enabled via the extension to
LibVNCServer added by Rohit Kumar.
The -passwdfile option has been enhanced to handle any number
of full-access and view only passwords in an easy to
maintain format, and additional features.
The -8to24 option enables multi-depth viewing on systems that do
not support -overlay. The 8bpp regions are transformed
to depth 24 TrueColor before exporting via VNC.
The x11vnc source code has gone through a major reorganization.
The build has been enhanced and many bugs fixed.
miscellaneous new features and changes:
-afteraccept option is like -accept however it enables running
a user supplied command after client authentication
has taken place. The RFB_* environment variables have
been extended.
-loop option will run x11vnc in an outer loop restarting each time
(useful for situations where the X server restarts often).
-slow_fb allows for slow polling for special purpose applications
(e.g. video).
-blackout noptr,WxH+X+Y,... will prevent the pointer from going
into a blacked out region.
<obata at lins dot jp>.
x11vnc allows one to remotely view and interact with real X displays
(i.e. a display corresponding to a physical monitor, keyboard, and
mouse) with any VNC viewer. In this way it plays the role for Unix/X11
that WinVNC plays for Windows.
