From 3b9411044fbc86bf9f4a64e22a11d4f4be2a1814 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Tue, 10 Nov 2015 16:00:21 -0800
Subject: [PATCH] Patch tap-mac to latest tuntaposx upstream changes, and add
 updated build for 10.8 or later (keep old one for 10.7).

---
 .../com.zerotier.tap.kext/Contents/Info.plist |  36 ++++++
 .../com.zerotier.tap.kext/Contents/MacOS/tap  | Bin 0 -> 50496 bytes
 .../Contents/_CodeSignature/CodeResources     | 105 ++++++++++++++++++
 ext/tap-mac/tuntap/Makefile                   |  89 ++++++++++++++-
 ext/tap-mac/tuntap/src/lock.cc                |  15 ++-
 ext/tap-mac/tuntap/src/tap/Makefile           |  20 ++--
 ext/tap-mac/tuntap/src/tap/tap.cc             |  81 ++++++++++++++
 ext/tap-mac/tuntap/src/tap/tap.h              |  14 ++-
 ext/tap-mac/tuntap/src/tuntap.cc              |  21 ++--
 ext/tap-mac/tuntap/src/tuntap.h               |   2 +-
 10 files changed, 349 insertions(+), 34 deletions(-)
 create mode 100644 ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist
 create mode 100755 ext/bin/tap-mac/com.zerotier.tap.kext/Contents/MacOS/tap
 create mode 100644 ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources

diff --git a/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist
new file mode 100644
index 000000000..c20eefa58
--- /dev/null
+++ b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/Info.plist
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>English</string>
+	<key>CFBundleExecutable</key>
+	<string>tap</string>
+	<key>CFBundleIdentifier</key>
+	<string>com.zerotier.tap</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>tap</string>
+	<key>CFBundlePackageType</key>
+	<string>KEXT</string>
+	<key>CFBundleShortVersionString</key>
+	<string>20150118</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleVersion</key>
+	<string>1.0</string>
+	<key>OSBundleLibraries</key>
+	<dict>
+		<key>com.apple.kpi.mach</key>
+		<string>8.0</string>
+		<key>com.apple.kpi.bsd</key>
+		<string>8.0</string>
+		<key>com.apple.kpi.libkern</key>
+		<string>8.0</string>
+		<key>com.apple.kpi.unsupported</key>
+		<string>8.0</string>
+	</dict>
+</dict>
+</plist>
+
diff --git a/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/MacOS/tap b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/MacOS/tap
new file mode 100755
index 0000000000000000000000000000000000000000..48bf9625551ea8af1d97fe3a0868e499ab55a48c
GIT binary patch
literal 50496
zcmX^A>+L^w1_nlE1_lOh1_lNW1_p)*W(I~<1_+R3U|@K`z`zh6AL1Gj0ue(Y6Hs^z
z3{XBh0|Nsq0|NsSR60JsB(<Uh%E4k@01rfNy+4Eo@mU~D2+6|G0AWDL`1s`FlA_GK
zbO;y2egC5&5}!aGV_;x_@gbrJcft4|e|9i}{ORHt;s_IEfcu9*04fIcAB+$3C&&tz
zTjS%C^Ye-k9*vL3Ze9RL6UfK}1_l@t#6`#P@hOQVi3m}2^8%6~a#oBG8pOwMUUGhJ
zZhjs_HKu<jq(Ec@KnVfDWPte%#D!V|VuEped{S{Sm<1uw-M1hIA}#@;z$CK!(9HwI
zg9kW$_;~txySjM7(p&*pD<VFie1}koI4B;F%>t!6kewAp3=Dr57#L1;FfeF{L(+Hv
zL<@s10|OWrGB7aAV_;y2gNoy$ESeY?E`byjFff3Usx$)w1IV84rE|D8FE^3c|8>hm
zpXbG1S_}-ZBmz>+APePxn9slvpb8cmB}PMFGz3ONU^E0qLtr!nMnhm&gg~fA=Tnd7
zHwGS^wI4h>OJ8_2)_wqajK9U6fq}uJyY>U9H^Jc1>H5H<vGxH(N**lb`oN=`!=t-%
z0hm|%!lU!}|BIcje_pCFFfhCXsq|>91?%Q-0reI<x@%v6xt*?ej=TO5W?*3GcKzeg
ze8eF3a2mgS3rGh8hI=|gK^8;Z<O;S5;ielNjkPyG`uJNwZ8VQ=*BcNwtpF<webIT%
zqdW8g++`qVfL%tE{hg(6JW#B60-K7}dL^(F%=!%=zm>ir((bghG(9x`JHX=u<bY0J
zkVm0m0O}|q$IAte#@Y*zFtCO=;sPWLc7S=MFTk$ouD#*WS$o2x^SDR1>j{re-vb_<
z2YtF-4><n60E#p0A>$BxI1LQY-4}rFKA%okkVBwuj0and2&fYtjkPBrZiFN&*Aoyo
z9snyuxY4KE^@2xd?E#284|sI??f|>fcZVY+ZDDt3K<r_Dd2oLdnts6H2aUf@-#ds@
z9S*h-;WCh;p`m9EmU4xL9>}@fkSOe~z0+BH#-sDNOSkJ8P|&$_9`xvTJwPDj_~l&~
zVCh)_6kZ_rz_XVf*fxYiK&c#>z2v}Bu<QkL9mpZD+=V>^6hI+>W*?dP8I++sx{>lT
z9vfl)6Y%J){o&DA`vVfm24El5{s3opk51PQhzJ1n%RRbXKY-%D^Z5UXAU}h%q(}1+
zf!M>)_!HOxDjvXwc9wpCNTGx$s(feY3y)6U2OiBw6d)-UJ-sTx)pwSD@#qYF(dqjH
zp&B#)A?ydK2fHi{Za*mT|M2Lp{o!%k9o+5qI1cL0G8}gYd5*!O`3MInHjvXJBz(GS
zf4tcJ|NnnX{~+W+gF2Y<p!5T=vJsSl7(mI1zl9$h%%HHe0Ecv^>l<*;9tXt&gU4|P
zu<MRHz?`Lk2w#u^pi%@J#2|M~hPw-t;W5GwtR7T9beDc;tP=qF&7-sQ0e>qe0|Ub`
z*Z&MJK?56x2Re_zi+PXk(gz-mpmff_-zoxe>I;u<-v=I@jvOAHj4wfbY>#eGI<MdW
zB{;AjJi1+9fOU4daeySdJp>vLf<_8DJp_)q{%7oR{jb8vzwH1d_9j5n3n+X(fc*mx
zp9lP{ydX=DyMhztOHjCh3<M`U-xnU;kT5g61gaxIj$%Y|x$A@O0D;Cs|NsC0-x(m_
z(d`RLUq3v$U4KCAMX#>}JbGCZeHa)#SV3V83sjFzc8|^<9;_B1cYrI{<1eChLDj13
z2M<=zu!%?K@fV(OkqEH5<1ftNA_9yI3?MaI|Nj3EiCTvYP~;wSC}23|P{`<U+@S)*
zKi&X}5fICR6;zRe^niFfLE+wc4y5&X0}Ch^K~@}Z;D9k%6+i-=$6;ar;aGzPNDh(&
z(_rBX@?WDjF8@JX32Hzbe=!^6(q7gUP+)Y|e(-2K4)WFi0FVj!2tknNA%al|K~Ok>
z1kv)FNAnv6k6u<rWcwkJ4Jvd%`4Ae;P<Mb@A}@p??)U@J)Lr`m#U0NPf(Un9LI@(<
z0WD52>SuU<1?7wXqGev7NQD*VVCSRNM`@iOKuXg(UEhI{DgXA;cisLR9-XxhI=^?G
zdjT50H9YCKV*?`tgHJE7s2j+<&<8%<K?2=H9G%BIOYd}^>pbPtDWcNtdZ*Jxg<}JF
zn3ut)+xLNIr(=a@V<k8t@VBZnFfi-~4cU40nqG1RnFGpU0Rr6~Fg@Vx3K}Ft%TErm
zhr#h3&{_MZv-C%I>7RqoB)Cg|bb<<CaFOPKTHb?#zOf!`FUWKJE#M3XF5D|B;3*20
zMxjXxRJ@>ur(?Kdm}978NU%ra8*t^*+p6&Y|9_ue)_Ffc6mR-B5GDHHD~OV<{Qm#H
zN3X09Sk83z50IcO3z$;f3s$MC_VxdNNOPz3fJbNOj!xe#9^IiQj<;(3|NkG9B|JK>
zc{Cn_r2VZR%RIV^1Ux#o8vOtNzuSwWv)2O5km&5S0W)MedmTVd>Rjsqrj`bPsl5?k
zYHI?h@a&wM0p`su0Q0VSbZ)Hx3xqcKbozGqbh=LPIPN+Flr25FOLus5mM-Y_-O}m1
z0^%4@z6LdWI;RT!|NkExdY!E@|NsAQ+zTQ>+W1=>kRn&y1r)ihAk`k-;P`dv25W#O
z4UcZHNgl_YKt?khbG^>+atSE6cSH45WO#I!9>8H!7?Mp7oQbokyD9^08Wx*7TY3Kf
z|Nl~jfq`M4Lk9!HuK)j$%&dUuJLY<wv9p!q|NsA8uGb-@eB%*NiimcMag240bBu@7
z?wIv8sQic4kM&^RdUV#l;BUDI_O9!TV-7_O9^Ft|I$ggs)_#G6C#cyD%Pi_(UxI2M
zXkfa2frq5)3lCOMIR>r?x&tFXJ&GU!P+isKQPl8}@!LU0{#MZZ$xF~cGDsXveRq(8
zN8`aFkb63hdvu=rf9d5uP%;74c9<qhfK7lo7;NcrN3g#-U7_t3)bgdk@Y^oXEC{^j
z>2}ZX=&aoVs|P%KL2c~X9Uk5F8J(_Mz_ElB4y{i>4g<Lb)XxJ|$&H{gkb%GD5J;l8
z_JBvX>kf}@50IfNJUY*V4e;pp-Qm$)nc>mtx&SP&3sm`aUi0V`1x?9#bl0x%==NRU
z*m(dNj$nC@Uf%=Y3clOUqwyd}hezkRPS-hL6Zp4<UTpjYnhfZ4ox$G%4pAKj28JDy
znF<Y^hoE|Qcy!x=eB#pOdeNh^c7jLecSrthAAGufCpiAU2(IK=K}{b}ul1!aIGCYb
zPmks!1)wy9(!PPW=epbrOc){Q4%&u;m3Iyu7d(1FjfC1C9-XBhR2Vy4-+OeI{_yDh
z?$LN0REc<Wf_hlzJ-U5wcyyLt@aR1E0#qe`bA8Xq-vTajx?L|c?f})nAn)<F7%?y~
zfMsEABd9E>_C?nLD$e;^LGu<Kpbk=Z2dMrAC1{WC(hs1H(HW24+6OPdO`PT<pk5nV
ze-ct(ftu2wGP}F<!wX|!22e{?02CUS`3a;RrHXyg%!*IFgF^?Xe*4kk`W@7|1~<mL
zeSdsw1T`iYJvx0)@V9`R56f%M?HL%LiQ?r_P?-Soq2VRN1DywbdVO#3Z>#+d>S%#F
zsNi(b>3XHH_6j7=f~Ig_=A5x-VCW9L0y8QKlv=x8Pe2+mpa$IyP{R_`1I92$3aNlw
zWe+NhLSJ<I!i)m-k|Cym20?Csb$dX97F2<uq#uvwHx3@XuAmO~htASBu+B)g?+1_0
z^B#@IL0Jh>8y)xPE(LeKU!?p4H|P$0b0}csZvl07j=TN=WrpLfS3oJ?C8V@*JpgX5
z9{(Tc(CK;s-q9BVjW4)@I_@y#nh>8KIOb3Q^7aFWgS%@Fbhd+%;c-{cq#6TMwMTF5
zjTb`y{{M%JzhFr(B>QIysJYec3iS_Y5)jlw1~pS*9`FDOc(6j+XvbeDe})7AyoBm@
zJ%HMFMRoH_J_ZJc<F0=|{S9Pqc>hKA2Dts=(fp<W79XHKaA)WfP(Fd=RcK^v09Cc!
zt{Xf$OILVw9(!@+&;S3&UBM~LquX@_Bw9=$fx5z@u>xH9^0$EM3y?f0?}3AufBT8X
zhoA^+{0UB-t<b0hm0ZVN&wylJsxvV#cpP^Hjdd`1G}eM?{#I5{)4tnv1tLfcKta;!
zdH|v34%7kP910ovVMZ&10|H_+hy=&x6GjFG!vmeicZq?F?dAPr14_{#ztt`PdAz%H
zfloKIm<DO+biMH60wV(h)+7ZomEmOp$Ruiqg)}2{Y!KY%fBE*`|Npx{fdmOu4v%in
z1W=;{RKH&I=&psfP7Z>)W}Uu}I->JnckP_cb1w`T85lZU_rO(km+tZC1`Py2Iy1=m
z1yp1p)Il>2#Ft&*th9&O^-8Df6}TD?P&B~CD-BO}obs>*MQ=ywZ2mq_LWD=r)B_!^
zv%6epuVCbF_4)t*|2~js3{OJ5Q<2dfdIg+JVCp+vr|`Fck}%vRcq#`w2NX3gDt^I|
zG`Oz9R^EWhXGnXe+uoy_{eOT2q;(BT{}}QDsPa7UCcbs)5B_G*phLIopH9~=FWJE1
z@uSoAOSkJ6kLDvh;0gk@ylZ>|8sH?9#b!XV*bI-((g~m}R`?T~<0qixtqB-;YXXsZ
z3sOu5GBYq3LPFi6H}nK7utB4D44tk${H>tDXjpCW&Jteh9C!T#8rFiABrmx@#y|!y
zpk{Q}LKvL~JAL;YcijStevfWfgzG%IODA}A*JX6Nc7Sc=-*%!qw1e?fXXpk<DPMX3
zlxo3pkkrH9*UktU^WLECx&<WF>DmI8?L63Bx~KE}iv&=KT-(xl>_ynW|NlEd4K8Q~
z0Cg8olJ=U$+BF~-@wXTvRb$$gpxST^v^MmBd7(RWO=svIm{;YQKyKL4?Yl=4<TX%2
z^ym&f;L*7k)LZfBybg9#x9^V5Qyz>LJi4L6$6&(Dpgs%O{a_K8*Fd4!?YhO<bpwAB
zsPKC^n*mh1>;b#7wUYrknjo!3kH%Wi)B!_hYsvrr|M^?>k$mD}0goxTH_)Oi99%qs
zTBfBC^9)ad20B2+9Z0bDKxZqcBL;CKq9p0`-SZMs`PQC*#AgAd^8vC4)E_(7*_s3E
zfPusyk+~Pr#rqC54$6fD3MjkRo&fdF!LslopmqYNk=h-)rL#2#W}@LGkM7zDKHcoT
z-439V?nGxRs1ND*{{qym2|nF!86KT`AstLeQO3XRgGV=51Z;uf$<9+CQ$VJJTn85H
zbVZ~IJ*1FyH^&UgZr?SXzVHMAD$n4h5I9$XOQBC+A*E2`5m06aPthR8mlHt!eNf#B
znjq=)y#pTp?+*O{>dH1Bv+(EzO*Mq>cu@=Lh<As+*jby#($IO%qw~6lCa8tD!K1Tw
z1%HbdY^G>O9Z3G5M|bE356x2^ouLc(TR{Vg;93IIpzr2rJ;^`iP{SieP*0>Ipb+lj
zBcKxZr3<8{d;sgWK&xTU@}%Rg5G9J>dK20Xf(Svqj-(3Y@)zH~K)l|3BmrFdVYZLK
zT?Ww5Fru;d!=v+*NAn?&-*13|q0{%oi@GoHRz<h#7st*6j?FKaI$e*rbh;kkZvm}e
z0(-FA^+@vz#!lBg{H=ko5CJtn5lw?s1_lOD6$8p;u#609z<PAoK7gnMkNSbj2uPxQ
z2^x}yDh0)7x9gSTuAmy9q0@E83sJBScX%`(2>|;LrF;i_&ZE2bM`JyxMasZG<p5Hr
z2vi-Rj^B7RzX551%pZ1_f(HA+Nz$XU^Z<V=#L3`be>n%7XJM^GX!Gg-Mip=XcNGBY
zM1aapum#6m|9}QWI$ig?bOM_U?d7S0dRX8Jo4-{XDKF%kFu-~p$YzK!fEp4zUjBoJ
zJ$&ABIV4%V0QDr{TEGQOCupFc7TV74t-S$h-9lQI$6mC40@rm1pfLy<3GY1qV*QK%
z|3R^+0X7w;8P?1=?)nEb1qF?>PS-84C<GOupeTG1{|S^XuYl9a2L2X5n0sG(gZj9j
zJO^$>!yLf?a|B{|7p;j6PVJnZK#3F_L6H6cC`q979~<9*W@$iK9yEmonvv`d{m@<d
zrt^cYO{U>tkIt!}(y?<ZsFZ`0XZ-yWVUFtt7k;`DpbmU%2&km*2Sp7e;X~wjz;d7x
zkH4i9O`iZ*4%D>bZ{cTRV0h`r%)kIO6Fex;3L25)Z_#FkHY}lXCSZLoAp2T&gY=0Z
z^x0+_9`0-f4e0T=90xT>K_d>JQpTgx6*SWd8ggPlO}Y0$ZTRk5NJp^4^*aAH-|LM(
zLFo)KxeYCjUTz1e>vf%Q+_eXkcRWDzuHZR=?$91kBM20iAn!Bqw}M9vdO<CU+8Z9=
zad=EMpz$&fxEj#38itw{&}{sE&~UCtujxKRcnXKP2$UK4x4A9^x!Cdqe=BIvlYg7*
zMi?LDO#W@I2ci5H(8|jFpjMzqujy<<P%okt6uZzNMrhk&CrDT4Igeh^EPVzBk6uuf
z23F?T?IGaW?Eo8UcHAMA>CoT;9=Vy|(&c;IrNeh2l->xX4|;S%22f#xI=<IEI`@JG
zU?Jl=AAP!~f_R;+CjbBccl>_|<}+_baE}laq%ZBk`QP<{N2hCpM`JCh&x?pbPzHY~
z3sKPko1%eKt(^xuduu?sr`r`Kle`x!!1%)h(t_~l2Kx-sYz0rT_lmAEU|`sxzzhnV
zy`WZxb}Lv<@&}LZUQlRtcY<614Xn;q(6I7La2LH-v>umMxN4pM@C^A9v|bvLGFw5T
z%N~t;K@`Z#@bn4x9eC&m;!sfG>CxQ_QrBH504pd#S~|hw-!GwcBS-{V#QaGExBCBh
zG#&xvbZ})4s!-tb*P!u$2cW@4Se@4$`U6y%!^gfZfE)Xuaj(!5FWTRNM(Dvc6KM6p
z36IVu(12C9@0ZRl&;ZzR*E^s}`$hlT|Njj^GkFde^QAjLE&^Ey8g7I1UEuSt;Q1i<
z)XxvtNUMJYsDuLb90NfkvmcH*6fwf&d_Q<}S4Mbr*Bih`VQWFtL>{0fqw5P$>kBj`
z2N`q$DJ}#L@rHrARiHT_l={)5`3<Ch1s+c;1@*%|cy!u%bbfzP3o3HK^FI?H06ISj
zR)5?TJn9S@d}d@|;O_-><UM*>cbYITcqIFN@i@)`?zVKhegTaQFo1ev7ykeMe~fjS
z4FdxsBoLtHf$Lke!njBS+#2Yta_~6r1S%>RzOlxDb#{iHfK1ea+L$jgLCGCbW1aAT
zj*}jH;mpLqupczv>CtQY+z7IXfC1FH>~ynetOMo0|EP0I2f&k*p%0+R7Br~@t-4-b
z0(W!XbRP6L_>j5tMCb7rU&TRL#rK3qr=x*KV<p&isKzbAZCo=X=brHB_AuxUebaf(
z<KQ!9*dX+ASI`0phHlpj)~;{(dqLw1;094Q2Q(!l`$C)6;RYU^ET=q@K`T7`4Lllc
z4uWz3e@hamHU^9Op77`nH1OzVIponT-~pO@E3`=K{N7!9A<eP#Lt1C;F^|sUX)fKq
z#~k^$e{|*Fe!-(NbcajlB~Y96{{>Lh4(|GZiAHdix&V#J3y}KG^#Us>j5}Q~Kq`SA
zZyc6)9{(Q{0dXsmtH7E(I$bxwr`k4nKt0Oway}@nxc-L?^1bvybHL4i|Np}Zb{8E`
zsm)skrdZ95K(P~g!YA3u!mCr{0BF1v5v`2SXazSxK!$c9rr<$M1yF+!PyVR=0UCUJ
z(aeKy{1}u!P{*4W<5dqTk6wU_hwj=R$6UWNdUXEuXgmlR^sfaMMxEzg<bzT=Xuuqr
z%8$R06@s**!7&6HhdJi@o#AB=B!OM<Xsm#w%ob~K)dHFoVd!>!;?eDU!P-%Szd0Km
zq)$N0e?l*KbQghA(K$#e0#yv%uE<i|Jm);R4Lv%~{|^gLVRYf&cA(4kJD738Rq>!B
zbii=x0Tsp$*YD8e@dTP&p1f@R|Ns9t*YAw{Evvx&7Erm&0GgSBxup;6mIv6}0_s?F
zyCO>=xg`Qq2I3URC_Quv7rZ{J^Z5Tj4pimGS-}2<I`;w8xes0@{r~?TEQlZ=u0IM&
z;Gn6G3P>5!VhIxHHEq@dr8(CN-4&2^7`C8%!QToRse?6U9%@3AcytFiK$D|KFKZX5
z!O`t|!6P})!s9p#IQJiS1RD;X9D&Dmq5uQKP6sD`hR#!+u6I1TYcF^-9tWq8?$QfB
z-EJJd-3}TajmJPj;QqJk1z2%-{Dq1D1B12e9sbr8Adextsv4WCYF~7@en0Md15~Yb
zxE_C@`WG~Zc^uYl!mQssdRYy%v8|_Q1ho%9i#}>U@V7u$$b0~od;uDelCSfVN9Xy@
zYcCE8f$}hG7RVUTTmvlmpNB7@;FpKZUxC(79MnRx4<)mK)~O)ueF3-k1y*}KA@+U(
z83$SzgJv(Ny2R)og7P=0p8Nr-qW_D!f%W29FQEV#pX?0%;?e2*qPzCb3(#nQM=x)W
zE(3#4@&PYc=?z}vvjfx)?{t0g64coPDK-PAG2VDkosxXPqub_Ucj=$*&>!8tUwpb<
zU%UXxce*|SWo^ikG4%3_rL*==ckQ2p?<E?a{|9vsLF;~4pz9;R^F5ulKRQdlbcTND
z^nK$4o;9rn8Sl|qd!h6Ei&Az_m-5bW*Bc<GfmStoHXZ;aG@s7nFDiIIBXHmpY3;7T
z-wUdM8f!sg{S5p)p&+LxgVHOg-U<YjFrYbD2L2XM3FCn*1FxqFx=TNF*S-O*twLU?
z7<vHI@P;l_1a(l6()Sjy8*ad+w9x&J8UBw!6IQ*vJUZCIA5@YehyON+;`^Yai7os=
zO;)_&4_d#8FMLJWVBrh08ZCS!xTzez6{Lr62-ppH!xz-D?F@YbO0R98*|T2L^`LB#
ze8QvA23*KO7O?FA`LNUV#Y@nr0Z4HqSTS!CSTQVddw_c6zHeTDMq4^vUx23a!6_Ts
zUWA1wXmYmG_lXB6FVun-LSA@riUkyu501Ou0a@hH9eTl|@enAff`)?6a)N^L0Z7!^
z37%BJbrC$NJ^)pZ;D%G94Qf(F$iR~7Bv7{qG$q?z`vhlFy@Ohgb8>;)a0il9q5c7-
zPo(g3`vdB5nC63uW`f}-30BPO1XfIW_;oSk3BO(rklU#kejT9Vp}X`23E_7V>;}~E
zGw7`S0}4NAdhqFVy#Y#E|9*kOQB++6)Fb)e(P;At+_-@hvY_PA>3ZcQXvP7g_##*_
z?=N+bV&rfHtygjBc75X0?R(<|sOs!=z0&P^1-jB7)Lg`<9|AyaIauGa)AxZ(r|TV`
zPEZNx`=c9_P<;=)P-FrH^qJ$XCqORo==MDTZ}FXfp~4Od=rbTuP)n^Bw2if~_6*qh
zJ>cc&$*y2o)PxG&P=G80PpA{10qxOU`=HzR4ycHME~o)D_B}weJe`Mpx_vi*7p8-z
z5)OF4n;v0c*PMV4uVVNYlzuxw%SS*%=8y`m2{b*{%ez_)5}b`Tpv6lJC}qHtm!P#U
zps){xD6WGlhF5SN-M$~dH5_Qg333UGGM)!ouK=&VKou;c0)qwhg%{gERUT-U#tmpt
zUqA}#ovfgsz5~kj;GhOgjl-)i@a_cUN(x>kfR`sB%fN#gv?LBRYz$ha30@uynmmB+
zQwTla0Sad5J_WQ&>^;~eutFAjd;nU1H$MOW|35<~wDRVcM_a#$*?$MOe!=~B)b&+}
z_6u~r6>UBhLmo76Ab@Bu2zWHwUIj%S0|Ntpt0yRJ_1dP$gXioa<Mke$tUExxu}0gq
zaCI_BW7jV7@R2=GSNkO>V!&-}v_+hd1wE+sd82J4%*+;Xklo$3K02^2{&7|tsATM6
zr1ic?<15gW%b;!79=)uq6yVKB(E8p^c8^BeU!aB;*lXa96{v|1Sqg6ZL>p!gD2736
zx*O|2l?wx8IRk8Fc7hz-caU)o<n$Wg(aU-TVJqBa?2wiApaKQezp(Kc(7JYQP#+K)
zqloz{P<!~HJlrE7AHqCS4|X1CWiD)l?G30^{}NP?fk)!HL95kGxnUkV?)nB)%7CRh
zajg$G@aSbNM7Hk%s9XUxhC!==A?<INy*IGhd&2`_?_@1#fFkU@;Q_JN06D$EL#g(|
ze^EA&)$qMs(9i%?#jySXBK<bP{r>?z$nXJVH+Ucs5;>UjVU+5Jtlxy?M`#iO%`ft|
zfWqDI+fGm%KvzX_fEqhs=fGD(qOZpX?Pmk8)B{y;pw^B@V-+-fLvQf6fD*h%Zz(7e
zAY0Pl7Jw#l>cJNHbh|=kcR=exz?;-?mLE{}!dG@c_soIA8I(Hlg;yuIO9Wa4B?xZU
zvCfi(Cren81ov8BD1zj>T|XRm08N519CrW}53n_S$oU06J_$<y-MG@fD|o>kXqpdY
z>;yV0`ob7gPW0A(0EKyXfJEaVPy}=aNOT9tz}PY`K$|-t8zQjU4~|dh_>VAXupAyD
z*zzk%m-K}(UiAtdy#(A}4DvU!`~Uw3?d5>DAHtS-Q3p~4ZYLwVAKVxL1x#Z-IEeW{
zV>FO0Cmi6}QndJltM7IP75gAH*!&0W|NekB6T0g`%l|)s$IV?o!29e(q!&mt16@DJ
zYDnRqhUPx_csV#eK&=kYqE%3K@aQh%@aQg60PPO}<u(t{_8stWI5bdT<pXAZ0xzJ4
zm=VO`(H#UDd<G{LP|4}h`5nB(w=?vHN9Q4rZr2<CFF=}qu=YEsy$5c9!WYp(%mTZ|
zfS`Lo<#(YJJfn2hz5vb6BA2J2eK%kuJ8QxFKSh~9%0UBYkirtYVGgZ509qT{2`Vqu
zz-sY~Pk_ohM0$lJYvlF^NFEyBM4JaGuR!4e&iCN?1lqMnI%|J4+IoTJ7s2&5D4`pE
z10{NJ!Rpb;YNf)!aGX^`g@FN-^PvSlczs!;tq@FK3#cdW(QV7C0;`o+zk#MT7#J8p
zQ#y$7g^Z_obeld_hN^^^2u%;*@B+2}yK8@Rmwxf+7Tt}i4l<iE0c<~bzj7~Yofu@8
z43cn<zfc6NvFZ5+nPLa^gO9uZ0XIjsf)<d2W?MTUbAE>3c7l1QKzXkdTFQg!;}?36
zf#3%oovhBv3=AHPwiZy|@V9`Px%)tqryjkc%pj|~S>-`$I*-3de+ID>Y#Y>OP@CW-
zc*v%k^}7-S17w{PXo4ADt%CO|gU47sj<cQzEiDBd-sJTSJo^VS3o;!K+8&Kwo`C90
z$a;%L+o@2U{4GJCGP|3#17uz2@fR1M%MG9|0-5*{v|hran>7`r1U8%S0PZ62j&7KX
zY@z19*zxuM{};^vz|I1B3*szr27;9j;P?Zl9?()kNYvuU5Aga9v>wN!m(@!Go{hoj
z9@MH603{yO_DL@*BPh_pbLrs11Dsjep+mYaSU?>ja6W{k6bOx+zCi8+?Z*SP_BxNh
za6Iw<|4vYNfabAT4<k&6I-~Kp4kIkBg7!2WZvd@`1qA>e|GmIo-x{QKUP$ZwxC`7Z
zyXMo&dJweyzO(j2TBq;3H1NL7+7JBOL*I0UbNF<+3mkWs01X@-cb5Up#CvxB@N7H)
zPJ5lT4?shRAXh*Q^XL_Q#t#}OuYKUrcpRh%)N%pM!@KZrcYOmNIOhdh3EB<c?Wy6>
zc^$L`t<&|+|BIk$D^PC&+^qnuBS7m>U`v1S_y&b%w>`Mv1#d0?@IOES5<H0gvL20Z
zCV<xXgS-M?G}>MJ;h5_Ukz=kmg^s!2V>{-0pW&G6T?R<y$iL0^u1E4k(E7v9TF_E$
zNTJkQdc&hvv{syfVJE~a*0(|o3@-fJT<>}&|8U{o=VJT7vGD<D9gl0rL6;66+Xv{9
zCqTgpll17W-S9ua0u%tqc|?zifnf*8f=<we6VMKV4WNad&@M2@HlO4JK8y!Jdptl9
zfxI~ZoXJ3f`#x}iBE@wBXgVJ3{C%L+W*{p;>-IWb*FXe8?tu%IuILV3(doJbECmzw
z==R;<)9nb_dNaeP^LVH06tFaSnIZo+(B$R}umJ95uoL)OEWsrkc*)}ik8bFaNAN<X
z?%ETbu03EAK-0sZDPNDy+6K^UHpm|y-5@rkkBYX?5xNd>gGYBgXeZf;PVgcKuu0&e
zg})V4@_Ima4{d->#djV9x44hHf>(wb9_TpOSi1*wh*?K(HE6L;FQ{?r0a}^gxC55o
z_@^9%$ab}Y)PUj(9L}Ipd`H8y84RE{hVKTC#)FUv{8CVSfoA(b(>owTJUYRvG(g)i
zx_d$EHU3}hcHIM=yxQ}!4Aczltv&Ff4z&0PlovoD0rm*Ei;eCa$WAX%=s=gEfJ(&1
zBcMc%t$he@kAvG^(Dv|QZqnvMALCUIX`gl1{(!DA0PRL<to;IN0P#127T<QeegV%E
z-uTvX3RJ8y^0&l-YYWhk6%`rXzF#^|b#J*~04wo2T|dB&DgZCc1r-b)y{0^%qNbOZ
zi61lu^aVULbHlNF3Rol3x*u?`feGZ*3|XLX2A|R4d&8q!5Hvv_WC3a&f_F_p1wf6z
z8y-lJ-*O&20SfMAA9n@EN@MK{P?F*AT@NZ(K&^Sh1D%J!$@7Ls_kK{6gVlAqzG<v|
z13DUnzZKMEf!GC3S73QCA5pHq1RWL#+DQc#X9Xvw&SNhu{{8>I6P(OWAxU(X-tg$I
zLrrCnndffT3;!>GjCr94TG8$L0-DfXyaX*r1BVKvF^rg>1Fxq=ThH-9*CJB~vVFC5
z3wX}|7$|vyl3lm!7F~->jRT#oYxrA0%X7hof<$dV%idg9@VAD5*0q7uf(Is`)g~yi
zU2pJj^I&ZJ3ED#h8H53OihmnN<4;hT2Vc$xYT3QiXG9c*u-$$jk2f9zm0RF2L@xb6
zm47#AC&izaUqLYgZoYQc?sx&>LG#MX+o0wc$ZOyP`M{$y^aOl&3}}<ClK`j^1Mk;$
z0@arc5T*oZix`9{gHWIVYMgevzUe&VVR?$bRS=S<Pk3}YsDSoxyo9*G^+dOaO6LiX
z2y7<?e+y`5zz$Hd2A3WuV4D%UL0g6)8yrCgqv(PYA9!`-OK6J)G=B%#``7?FV+C|L
z2dG-@JP$q)1XLD)7Y-x0e-d_p78Z0K^ymc*Xo9B>A*~V67R~FhiUhR1@wn>&kW%QP
z<>Rg=Kps5qdIl8UpiB(fq!PNL+erd6WbecQn%QnV2nmm>43AFV4d6&|+yPpk2cG@|
z)t`{!+oKn>B>}!?a|Kvsr|S|Auyc{>Yta5Fa3iVo1!#S@2k876&<r!!m!SEfouC{B
zPF$V78~9s6tCKN{dB)%WA={Wex=S~Bbhd%?cy#XrQDB?Fr79$offPXUl7UC#F^~$-
z`fyP5yxVmJI4>P|@dz~C09z~TVGF8E`9X_HK%2rqf%DQIT*bLw03~JQEm<v~t;`<1
zwyyk0X}R<Q*bUHn3bd4Z2dJL|>P2=Q>pTRO>~vl7QWTU}L8qdk$t-vYG8NuRC_M$L
zr9qov!8#qm5}@Gktv%(@U3vkwzZGI%3&d2=kY;!73ncqyfb%i5ZfvaG11Z1r!7DxX
zfV0a6MEUKEEX=>X<rJj%;(LLAdm)eI2mV%2`@P#0s;|4{6sT|qm9(9Vu&fB`^?|KK
zt_@ot%MU?e3Q5bLT}a5|BOc9f5<Gfc4>;}wMS^SRDObajkQN{!y+AeufL79lzVPT4
z^5_Jm`{O>H*IYVJ!Bc6c>z>A1a65p%1yXeE0cE*dNG3i2nn&{J1TFZ7pVqMpR781n
zf{qUYwPi{n>v0jm-R-*p6bax)Oye=AVn{*<%~zzkbaQ%i`<_U1>Gb4*212Ln5{NfJ
zYyDyUOVE5NXfG!y`Gd|6>JI$?+a1^$dZOF)3TSOeGpI}0UHS%8;vMwJJPB^OF#Cc=
z6;F6{o_YbQO*&m~z>lbc)<7pfOSZZ@K?_$vMF;3ypYGBdouz*|U5~s(ijgbOYU9ew
z9!QLUG91LI80$%p-3uBWJ??r3R4alywT<?mG7ePA!i&cTjTHi*=;cRQI~>OjAA>*c
z`UhP6gH~;V>yK^+j<jx$v`*h!&|qk+y#h&`)4{3m3OI3|KqSs!(5S+8*IV7bS3sLp
zN>A`_@3{s_pr9ql;2A_$s2*s-w03<18~273wmp!77gVCZ1a$>pf`YfP7VIznR#4P}
z!rk=_IQ@c&ZdXK*ftI4f6+;{Mpw;y+O+kqZG7WX&Sj$0hTPUqN^cHAkMOx>SgCIA8
zq9xh&PUn_`pezGTC-9I5jnJX@$0a~rQt0@_aaZsuSfCRK8f!m5LJ71yx7+mtIFw$%
zef$LyBXEghkhU4*@U(8%56}eg;pLY9(1o%RINFzp@qq5q7yR4Y7;PcdyBo;2pv3^-
z6)K>EKztwYZwqAgNIu2CFNA}m@e!zcY5WCBTJV}5#CZu_Bn*lw^hLtZu|ZIz!2AC@
zDnPq24}yXLwlWh`e0REjcyaRscrOI#5D}c?lc4@2Vmu8rZr!{Sc1{wu@CK<z8ebD*
z2lcgx9<KwLUwn%M^S2RWK0U_oREt$p7)na>N)ijK6q55xb5a!Y@=FwQ6SGql^ixvH
z^g#-^u&7AP$;nSnEJ;<!%qvMPN=r;mRY=P(QUEEpQcz97s->hPF*yTC1E%8CqN4mF
zg_Kl~!pyvMylOM^lS^_Gic*tHi;6Sz^FX>%lS@)lbQBVk@{39`^V0PYu1HJF%t=jA
zD9KkyE=mPCyEs2NJGBJWsSq&*h{38U3J^`mYOn-EdTNP6Zc=F)l4Xc+OwKQ;Q~({|
zt&mofpQ}(>oLW>|keHl`Y$kHJXXX`@mM9b?g4_o3e7-_nYDsy1QMN*HNn&y~k{wVr
zCHV?TsS5d}B_MqniNy+e`C!*5WTYmhq!uA*fOrNJ0tJah#mMoNn37VIT3n2z)-AIF
z6#7sJg|x)n%$!Pi{BkjH<`<;qDQFaArYNYEYH~4fCg<cAr>1Z*s1_sprYJQ%v$!O+
zNFg~Ru_!Sa#7apm%S=vHC@#+|NzTxNXaG4mH8;PgQW3;g$WATFOU+S8ttd&&14nFG
zDkOqcixq5g6H7`m6N~loGK-6IQi~kYb1U>xQth}Hj0_A-4Gaw}AWpz;pF(<mi9$|(
zafzNnaY<2PUV19j1?Bm9>Lm)Lc{%xspyX4ckdvBNT%wSlha60q#R^HK#g*`2Qpm|q
z&MwB1BH&pAqyQ9-=|%aa1&FkWNFH#Nxuqqk6<iEeB@Ad85t0=Y3X1Ye@{{v(6hNsG
zl#)PMhYO;(B(XptKQE_Jp}4f5Ait=jSi!}|(<k1=HP|`cH6${?)d;Q~6vv>#7!Upc
z?jbQSG=Q3vNa{8~`3<0YoPmMi0+bd2?R5m5Z4PSkBB_Tl13=TQFb)F)LjjaO0n{*I
zU|^U4T9OJnW?v4XNCC9_h=GBj0o2$8(V$)xhz1=)1yT=MwFWW=bS@5v2JKCSXvIrD
zfT;rwKHyPl09wk)z`(EpO5;%qmf8SXhQh$Wpa43{lYxOD07_4Q(ifn#0;qKj@&}X#
zYsN;nLj(h$^ajw1A_fMA4^Y|wR0D(j4W$o2X^1XNvH@z&0w|5Cf;5o}pd(R0T0jeP
zK;Z=1Z~&r-OdlIS3;sdr1$qcSEPXUU#i^A(E`T<^g2D+J?+KtIL_pyW>Slq`8|dIp
zP<o04d4_>O0Ol`3=>zKT1SmZLrVnBa!vko#NdRq{WME)8U<s7~P2DgsFgVyi`8cQp
z;2s?gNj$=!W*4Z1UXlpC7y*x3d{Xdo6rUnIav(S0k%mZt)+>QnpzYeAyE#CbK&zrb
zVxxF81V%$(Gz3ONU^E0qLtr!nMnhmU1V%%EW+Ct)0lXfM4K%sH$iTpM0LtG1r8hw7
z6;OHsl%4^lCqU^ADBS?1E1+}%lum%s9#Gl=N?Sl_11PNlr6r)W0F;(Ugt$`xN*6%s
z3@Dudr6Ztp0F?HC(hgAi0F>SVr8hw76;OHsl%4^lCqU^JQ2GIs7D$G;hXYD8K<OVz
z5b+OC`URAJ0Htq0=?hT$1e87irFTH-4N!UolwJU(XF%x*P`U$3H$dqMC|v-hGoW+=
zl#YPX0Z`flN;^Pl3n*;>r5&LDvVhVCP<jHCE`ZV*P&xrhM?h)NeT1NNRg(e<ml7xq
znl9pFWMD{ujUzEIFo5_5&~YKq1`rTG0m=uh3<vQUpyNWIZaj#u0Of=BXMy+*P<|QI
zyaecY(KIN(0ouRc2<0yT9h=L*zyR9W1=4>3%D)elPXJBwFfcH@g7OtWGcODb44?%F
zAoUJVKIj-y5WfJ*S7U_uX9ARO2jzbNEf8d2U;s@ngVZko9W=(kz>o!%zX0XeLir5P
zahpCUA2u#DAIgV~?|=?^2b%{~54z$2#J>RLgAPam@fkpCoER7wK0);>K>1uu5ce`b
z`{ueZKD3YS59LpQ@>8Mw4N!hHl>Y(Bp91A?09}&Ez`(E`%6|amAA<5><4L!md<N*a
z$|oq_0LtfJhPV$l?ji@}Pk_o>Liq=ve19na0hFH(;xjWaT!7xCSqkE_Fff49C#Z03
zgYsKI>wp*-7#4!~YzzzwKnaV1fnhC_zXHnN2IX&n^7k<_Fz_=nFf>5J^CFb*0Oh}c
z@-IO7KcM^#P(C{gL_cgiNf*lB03BZofbtWd<5rze{sidw)mkWD0JO-6fq~%}j1L{3
z5@Us!F902PbAa+UfF@QM7#Ol)eCRmbbSNJ-ZgvpLhmET}g7RVGc8qKg^BX`JlYxQ3
z3d)}Vb$<|)Zvf?ILHV$8vZ+u$Y<%nxl+OSiH+v1^gBG)Z#t+#c_QA%>Y@z%HXnxIt
z@(rv&vCF_P70Q1A9hW-{<zIk~$9;zK3!wJNb3n{@02Mr-{0il7fR-Pi-9P-S3=9*X
z@xK%#58^}9&tVWBG$;q!_rk!y@EFR6jSup0Ld=Ja4;n-HuyJP}C?7T+oeJe20L?cu
zFfi0X`3cZ*^HorO19ZF`w9yir9--wS6Booj*!ZeGl-~dySC57A8KC}ahVo(K^y{E}
z*f{z_D8B$YzADcRF&{Qh;05IiK<5R@pnTZ8!4@bVHlOei%7@P<@IcIijSuTV`32B%
z{~#zIHh)k9<tsqv50*gr6QJe)IT#-_4-H!O2Ia%%Iaqih_QB>q<e~fm=zNG3l>Y&=
zet?02AqvVDfSOkW<rjeF$r%_JmO}X(pz04o`3+G1T`1oHs{SXGe*r2l$_H^z0(9Kp
z2+E%T<%dA|3{ZXsln<LPsDbhwp!LZ_C?7U|upG)SfX*L)788Tg3v8a@3RE68zwjE$
zSAd%L2g*MHozLLqhq!kGw7$~-@mU!dW<c|Y6Nt~qz+eEa|DvFL*nCMoln<LPX@l}%
z^Ct74eAv9oRw%y#YX4a%UjaHFb05l2fZF#F%7@L<FbhE43so-)<vT$6>L5Nd1A_wS
zoDfiX2IGSc*8r6VP(A~+K1qe~L5p-47#M1y{069eH<WJx<<A1~Sr`}&K+RtY;xjTZ
zD1h!@VqjnZU2Oo04+YS=I|c@Zi%|IuQ2A$2{sYj0L<R<i?@;~(sCsTei2oWuOR5+c
z7-XUR2cWep3=9l<P`&{)y?H?S2~d6#l+OU=S3vm>pyu~O`Jj8cK_%=$C_e$}o*jbV
z_8w^IJV=`102==k8viaD|2-Q2I~xBV8ed2V)jrU{OpFW+aQjuz<PFgH_Go+$G=2mc
zKNF2#j>fM?<M*QR=c4hqpz)8R@vo!tpQG`=qVbu9QNu$DjjxWzH$mh3qVZGF_{C`a
z1~mRmH2xAa{suJuel-3CH2xzr{ueYpvk0nx1<?4KXnbchzCRj28I50v#s^)&ft<c3
zqRFp7<8MRbpGD(8L*u_j<9|itGl-)4mj{h6j>cC;<C~!I?a=t%X#7w#ei9nL0FB>{
z#-EMG--yQFkH)`&#(#sx|B1$D7efsX2{gU}8eapAZ-B<PK;ws^@#E3>IcWTHG=4i8
ze-avh4jO+28h;BK{~#LwBpUw`8viL8{|6eMOB^-)MA7(iXnchP28JaJ4157lIs!^(
zK<N`u`T~@`0i_>6X@x|H{tr<42b5+=f{1fKX#pr*k<7rbmVtq<0ZPw+(kr0!1}MEC
znSo&)0|VbX4+e&L3=F!*JQx_}Gcf2TdoVC8U|`Ul<H5kNkbyyWz9<93A_fNC^JWm*
z-U&kIyF=*xP+C43!mo$Y4xS7Qiy0Vnmq$TpaX$uzr3?(Zks=HX%NQ7Rc?}_SkvD{9
z_kqwigCTU50RzKw1_s@$CJYQK7#MUjgBciBGBD_F2w`AY#lWD;BgVk6nt?%gwHO1#
z8U_a4+fob+>lqky4`@T^Ms3idS_WOvIT#xm7<4&w7#KD&FzCJ%XJFXOz@Qr}!N9PE
zfkD?^l7V3>1A}f#00YA|1_oW<5C(?r3=FzG@(c_+7#MVCC_v~JN)Y<B286bjW?<OK
zz@Y0c#lWzOfkAhgG6TbI1_s@ast}sZ4?>HoF)-|5V9;Ic2cZ{*GBE6AV9+%ShtO@x
z3=I1i7<4<N7#Q|5Fz70WK<I@M3=9Vt7<4~KLg<?k3=9Vu7<7%LAoO!z2z|zvf#DDX
zgYE=h28P2747z<m5ZXwOf#C=PgYI@;2wlv>z;Kj-L6@BuLbpL_ZaxTqJ(Tw3hwv{!
zX=ecle?64mqsqW=jDbOSvmyh-aRvt6nNkc4CqVIJ&%kgJ6n+j245t_vbhkP%Fq{Ut
z#}Pbcq|4?6p{t!37|t><=yEwTFq~sx(9L&dU^vgfpu5|Nf#CuJgRX-Z1H(lI23>Ut
z2t5%>7fM3-=VTzXq%4F^fzmF@5Wcz!gnkF5Ez}@<7flGQrURjyq4ZP(2>%I`&M|`U
zf15z)iKY;m!2v?wgVKuwApE2V2+g3zz;KCyL04Rnf#EU(gYG9~2;Ha(p>zEp^zSeT
zt*FVsa0Qg#6d4$<g3_TP1H&~22Hmqz+CT-u{|==c)gb(Hnh-k2A3`7CVPLq<z@RHB
z1fe-KA+#@)z7D02t1vL!U|`TyP-bAb2?}372>nrkf#DV?{i{G|=1>TotIWV~n}I>s
zS`|Wr+BtU^7<3yn85ltH1XTuxy9^Avm3|O9OO=7)9w>kNLFh1528R0#47#3v5c*^o
z1H%JQd7{d|@DP;V{UCHkC<DVI1_s?GD18G;rzkTpJZ50ftyY21Mye26T$O?038-8V
zVqkd6z@U2<N+$|K_!BiDw09^2!!uC2g3^NF3=Gd17<5BD!CQ-U9TdRFmg@#PgU2j&
zHRTu>UNbQ0{_tU7c*DS;tE$1k@Ror=S6hUE;T;2m?sGW?hW88%x?WlkdZ!cv!v|3L
zqXVHg=tAgwP};-?!mp5JVED+uplc<|!0?HILHDx^1H)$q23;Rr28J&T47wH};4xBN
zuRsQdZww5&T7e7<-x(NmkB2ZY{9s_v{jb2l@RNZ-w?Gj>Z&HTP7oc>n3WTqw$iVQ6
zfkBs11wvnyV_^6VGG7ZqFL#E}3Jme_QRbj^%PFa4Sy>>SpJifcNq#(N6{fSHYk+x4
z37Cy0<znbsh9+bNS_zt*jUjFVG72JUoST^kwZ+gJvVJ-~H>or&zOXd4G}SaUx1gjF
zq7vB^MmSwTgab`;6SMM*z&<n0&CG)`i8CI_<wzP({Rs;nXCq996A^qM?dgdnsqpZG
z3m8Dn0||ga5Jd%80Hy*d!f*!_5q>c=D@iPf&&^LM%}I?fE=epZ39!u0%}<HX%uCA;
z07ti>DT<Q(0t^*?hK67ziFt|XsYTAPWP&OR3oAntSR#Nbhe;rLiHJZnGzM7-Us4Yb
zDRgmIfT1`Bp&HrYE-<x7E}<xJL&9JY3CcD;h6cImMe)fgsb$6GU;!fo*ANfapm?Vs
ze@7Q*$Ka57M;DhMu#{P5US>&Z3YcwNl9&!+80V%JfoMac+|=Co;*8Rgl>G8MNF14f
zgg|;S6LT`FQUkn`K`JdkqG?5`sR3o+++YdfgO^f+xv24GXa-sE9}f>yXlg_YQbPlT
zJ+37sAbb4Kl^A8F#V4ku#DiC3yJiJ=8=7UN<)xOyr=;eVR>Y^I7AHepfEta4AdM-h
zIWUb_4L1gvoS&BpQxt^7bgUXpGSlLdGg6bY<8w=MN-|voye&W*89<Bov8uO#g)zY(
zu}n|ROD#$)NsZ6R%*&2XElbTSamDIGBc#wHWUNJI8YIA61I*&Vg=Ro<09I2$D#4pE
zT(cmV7ClDbUcnxxmYHesX+?>-sYR{<aJvwp6X2a3Y#xs-j1ZX}H6r0fBYJi>Gyr9Q
zc<?p|*UZe!0F#2Ed~jm*!=V)7ugu(lWFi!o7iE^Dx@HC#muBW?LL7`%-k>DktN<KV
z8-iU~oSKuGT;iIU8Bm7Lokl77;A|Za+U!BdQ*gyasfj80U1|(7m#EN!t0pqQ;OdD8
zGZUCghzt=6L=ge1RZ23Gi(v^5JvuClOA<ly@dzy`u2^Hv98`SfCKh0q#Yo|37FmL0
zl!zFDC?ps=@Y(`B*&-?zG#9wQYC1zRXcY)AY0+{8a$>`!781+oxdNAJNE{<)3oI)0
z@=G$)D&vz1(%=P75+o)t6{BVl)ck=(HMk@L?Nv)nfh7b?RiG3JDv;wLe#^*(m1USp
z2^QtpwG^k8fV>x9l33uH72uW`U>+Y2u9#qj9yD!X>NbOI(TWFc(Mm}zbA{G?m`cr)
zb5axYN((THcTBYwaAV<V!8O3!&=3?1pn54jB?nq}`(a5n7NvP`{V->N+XGk>8yO%e
zMp%YRxk+Y9PAbl*!cyO0_zjYepcxKtiiW5J=QzA66jVz=Ht@mICywNasD3b<g~+#<
zQt*~5rW8EyV(G(x;=2eIR+#eUDXHMT4jvV$c@Pz_WC-yVrcsFM7K<DnCnCxuOnvZT
z3Dj5x^-BzmGK=FA^D042tjs*9tKpL7>8U00C7Gaom+^U}xk;%opTks`q*i2>py@*H
ziNMsErh@jvqA4^j&Ph!zaD`@kxKfyCB{*PU!kE1>kn_#T6SGrGG0cDm9ZWYojerC|
zohy`<0VH1_q(EKb<m~wLB53sklR>X`EJ{k^!Fv>uy$lyb^&X}$#D8#cR1YGAQGEy(
zhkFqr0!tHc5qR=Ph`>@kLIkQSBn+k31Pc3*FtnyVR1mGIgNkBgBZxRC>_9OE;lZtC
zh==z)8RB6zBvL;DSrDlik1P!DI-m;XmR6t&Kx!gnF-YqdSp-}OAq(W?=NBM)H5f8j
z?FQ=scX}|?LrOAaVN4OE`iddmKiI7(H5Ekrg8Og?R(wceIu;>N&kq#FpgIIZ=auI&
z#K*@cS0u(4loqANmt_`}lqTjdfU3kq@RoCi_@t`TqI?E$bGEn~<XbqqC^a{~ER`W1
zv{O63w1go(xwNP#HLoPTBm-1*GsLH)mZcTPg9eu3^YT+tVFECHsUX2JhIj}a5878;
z!VsUC2Cn8nL~3y{IzJw=p&BlnQe1+rGB33xH?cSyqy*H#1P4Q6Nh+KV^%uC7kB4j$
zhRH#AkZxphehy4H71Vo!anf=U)4|RH84e0iP?&%=fyd`$7K7ank^q&7P=}$2XQUM6
zq~^iQ0`FOeadL7%8o;3$pHx|r3b!P;q!gwmFEJPHk)l-4R%<vHlrm7<1`<HE4kQAx
z1!f*d1j+c~{Irr}xLiqMNqlBra#3n7C{i=wt_HQwktD!T4++iEyv!1Y_#8;F7!MA4
za4Q}m1`03;uc#bDK~Z@;iae+cj!&&f&M7U<1SK?(!A0fq;IbcX2$&b2lA4&3lbM$a
z7lw>OqUg>~X8`w^;}cV|pe)e&0#GJ2?7$<D5LdvNxiBR~sj0cp=mblqr<Opa(o;(^
zQi`A)a14VL<R(@iIC-fRB?Z|q9R=AS9r4AfC6Mz5pn4I)2#pA_qU5s7G?>bw)PmH!
z6etfAlgY)Ux$y<5MQQm(xv5AJV6VkPG6mRK#i=C-(~DC}KrTa=1L8s4nVOrNTfh*X
zo0^+kPzk1s!9E6uIYWG2VqSi6YI1&FN^yKietcq5aehu|Noq+ZD3OAC@$m(jDGc$T
z!XUmVF)t-Qmm$75HK!;wIlm|c%!HH_;N}vT52?o(;*0YNiZb&`(iq}F?Ow>>0F(_a
zg~8$=0_33L5=gEpE-A_byA)zBC{;ku+F*bdO7R8xIho0opkRj!6{V)77NzDTr!vHs
zX6DBir51x+U7DE>Dc+!NVqo}nkLLgbgYq>71_sdiXP~t?pksuX7#J8UKnGSaFfeKS
zy2k_JhcGaKR%wHjFn|uv0bQ>P(!<5TF#m%HBLj3L5m??eIX_nqRLGWOrWWaeHX&O?
zxmbFII!Bp=G2}>0S^jtJY**E*{NJVK@-fDXHEKRtFMD#$7o+0E!F473mk7CEe!6-6
zdB^>0U*5hp(edrewYjY?ul~Lf-DoYg;Un9boo$D1dR*iYKloFTYyaKlWv8A`4c`0e
zVB$%|{S$XS_PiA;`J%;5^>X|aVRzGHuhrqH;d-VUgqF`YK7Vr8h1jyQI%fO4=5QW9
z@i{d8(SzGt%@4h~An`)!!M11Tp1m=0K54iu%ypH|vL*Hh;!M;hy86tGV07!WW80<T
zv}(n%RR!zUoewtRWQbnl`12fZuh@B~q$4{SUg<Vey53#rlG?IR^_9lb(63hgw<D_N
z9852t(|B-ZKDXFKz3sE!D_H%#rf{9f|I@E~JfPK}ptJQrG$<TJe%%8H;T#6=)H?&{
z2qI8`3t)sL16U5U@(ZMf52~I^tIebBdvXdJ6G#*s4PbR3c@PgS&j?+U#lXM-Iu#2n
zS6rHum6}|l=N}5<f@7WwDasgr-Q#9tU{G9V(7?tCwuhIIooPXXK?4&bqanWmFB@k<
zn+IbmGYb<VD+973Mh1ojO?)K=O)M-1O-yeVFf%bSF>y##tz2<vnj#NKBh)xXZdL|^
zBtvckPB!LH7B*p~&|pJh13?gnOPI^Cpdcqz!80#e&rr=k1tiEVEDI5IPAw|QOv_A8
zEXmBzQ*bOT$;dCtEU7dUGY|o(V;1Ixs0+%^FHvxIG>{YLH8e6XGB7kUGBh$YjS}ZI
zGDqSXR2u3UXoGd~sJNt-rRL-pq!uZ7x+vhX2<9Lj0uF-th6mX<$o@5GVpKv75k^)9
z<|amd27@L>E~X|%MuyHZf41mZj_;N#Ycnm5zg}#Az;r`*3zt2cO8xSw_OJc<Ca>SZ
zcj1KH(_D$o@-I5w_h0Aac=A7NhNkHADRXz4F6KJB<-o&7313dV(X4RI%uL9R@0#>y
zp7JxRLrR+s{bhE2+GY~z^lrmSCT59=EZa6$=o!m5xbnK@@8*k&uD5!AgX20kpHc4b
zHnS%=tB(kF6||_Wn(uP)<Bnt1Q^aR`eCLi3+ogPTzNls0so29t@%#^h>K$I~Tf>nu
zHTtB~oTm+^<g;94a_o+5P?MK^Q@uWJL6)ui$_ODtdxbKMTv?e7hx`OH)w)k#yCB$f
z(vSaRSjmN(9NuXai&n2${^*iVd*n$bW=00a#f{4h8W$VLvN4Cs^0A1qh=hy3U3C6V
z&5VTt5B}_H*VXy-SUkjlA0#cz$oQXy)qt6i@xOsQNI;oI!a%G+MEgRf`;;=ye_yhD
z^&FOcclWL5h%?XwDUfGTH&8WDUZA)@zD+ixq@=(~Uq87hM=ueS{`8XbbM=ez^Go!S
zi*gM3K<fEHHn1==F}4{9u)%W}6B`Q?D+6*=a)YCik-^EbBzxhVV@vwYwR$$oa=Gl8
zs#Cuwa>ts)-|Q168ST8X-}+#HWtL0HqBqg<1y5Jq_0Ew|F4T>`cy#i<ceA?+Qk&+A
zJ(dy>@6=s!_AgIGgeQ+iz41GSD(Nj{Yqo9O?SFrT^xPAY)4jOE()AD7ZQFdL+3G`i
zZpjfn<-m8dmNMrjd|B$TobAx=s7LbhZmxAtrhioz*sh>dlwWk~SU~AfTh;#9#SAa!
zoAr2D_HVX+HK9Ro>a2t>73aS2aRu8g`sIH^Ze7dNUZXu>zMU^CBp$4p<+Q8HO}b@K
z=Q)uV9Ty|IzpV>9qQk1?x}N){_ev&ylQkX36GJ;)PO2BPziWEx_qD*FiDkDz6Z2w7
zIl#z-97e44D*z143`~qnjSNi;jLo9Nd5ujCj0`NHT)GrOgmU_mi7PqfC*GEG4|vV`
zHm<To_qExgaG%gO-IAU6etPG8WnZmi!1O}G?neOU<$A{zGk#t?l{QBuTkyi--A|;o
z4$DuSSH-i$y*v7fn7Q%kBmBPSL^3a)lq~uh%XhUte)cC-=3SxvzOlR?Q%sdby+tEs
zH&6NgZO**&0lN-H1f=(KY*F}rdX0`ke!(_-MuVR1&gc2(+J4sd)Q~#y@7&g%d^h7{
zuAR2sYPI$YKOe&+?v09KdL>tFcyA|(tzKL>$vrsq;Cg+>%|CuWE;##av5#w=yiaz(
zG{?>(B}v=@&5rHHU5y(JBHl!?81-aq?w7rnTKqpfE_ILRjk5X1BB=|@r<~M<<n$)S
zDuX7*GPJD5hMBn$g#p&AO)&2_F@h=@Sp}9RMh=4}Mizr6Mh0j_mz=`NXwdk{K#Pq-
zn~jl`m7R%EOb%2s6kF-*mzS3#6%F7*A~{jtpz$zVF_S^#HmSzVL8&>JiFwJX3i){o
zB^jB;3d!(VD^($>QXw&~QlTKRsH9RMvADQ2H?>$HF*!N4pah~PO`#+s6@>E?Kz3v%
zCnn{jg3bWTOGzwBQ7B0*$}Lt%%u7)KwOcbm^<c3=ej4a}F&z|(APq%`O1S-?TC)Ij
z9vAo|u9CzOaNnp{4=rmlgDRjHvzb1+72DtT%)axveD<fZOXUXs2jyFvTcu~(x|@Gm
zIoqL6=gP(jLO1q(DW3iAQVRd+N`I3Zi|l?@{LenY{-)NlxjR_lvc-{&`)B!cW&hXy
z6S<s~vqsz@Oi-@m^7d|JYxl)h^Hm<bzPP>MKELZj^-~{nE8afeDlWd_PMwnJDb=et
z`LAVPS)`&Y_<iA;{^G`jW75%_`ja;OaPjz%U@=ehtF2nPLYHyYciyJ+_g*j7{~4SW
zopK=Axcs{nyH42aTl|WAw{{gv`ft5yR)4TP^yc!JJB^%v-?&;huWn(`cImy7om7Oh
zj`PcI^PLlye8RgyJYZGV)mu;gT;OCk-%whrXwbyE(x8cDBBc1@5YH9}<&P`dg&b6%
zX3PLKAwaDg69Yp7OG6720|SF7ab81914BatDA%BIsiBmC1REFUB(=`TpL9|f8F`Qz
zdWNnB&XA^$4NB7o)PjPxu&flKQj79KGE<8b{2+(X6)X7oI4fu%nv0sSh8s7E*>VOl
zAhWr6M6sHH()1(P6x!Locg9KytFIMHce^`VJU=CE5xL_@#`z6Dx;xiI2Y>nZX12zO
z&YVr<-<5bLyu28YzH7o3HMgKYq1|i#v0Z+w{`a0DLz>2R#|z>+)86cRa``yZf6w;q
zk*(((t~2&YUJ>R`m|2kZl6z8G%_RO`FIrjG%DC$uelMD&d}YFy??!p0W^aGJuX`SB
z^8Sg`R;?3!y~j^hyWN`XIN{Q)%iq{~d6>7Sx8LOLN||!#Oi7BHcJJF*6|cg?J1rk4
zR&TtrRJL(}R$9;3@HPJyRylRet*QJQ|GQX6_L9Yibskc`BCp*#{MNZW<=x>VH$kbc
z>nyn$>-+PzA7S$1dZI4!OeXxwLpJuq&;pW)&7g^i$-n_t-Y_z<m>3ut7{K@jjBP5Q
z!pcftKR>y+0I9G7aScp#K_~E~7#Jcor@S`JWfg9FA1C4zRUmjS)lqe$c9sDTsIdcX
zPB9rUptPm1w!WGeK~W7ZPlXMd82JsF7`ai()4v9$FefrGifKZfh+3Q?6_JUsRy}&r
z$}=>JR+P3QdxL=(D0o#tZAl&jE?B@YGaCpa+LVmEAZbvu5?N3PCddm7US38}M+#h6
zduP5*h@HMyhe4u?g>zz(V(7Ds)aPo^B~!8rN-yPIkbda3k?%`M&Bk($Z~ettL23?N
ze;jUeU+Iyav*=8sLS?wWXvk#_mTQ5JCV8%lTfFsDbP&_U8!s8J&i$Wvp}e&-_|Io+
zQ^Dfm7hkvR-kBvUy-(=Dbg7AlKP}X;D^G3G+0E8{_JDZIQeAttoZ73B#`XM*oagb_
z&hPTPyWVO;z-yIN`@L?jFAKN+@w0fQ7)!{c8UNQ+NGI{N>3xZDx!A|@k9%71%|ELQ
z8=f#0?d*v6Q!a0wy4gN-9qU}l--314TnGM~Ik@~q%iqfvpGKa|Wtv!FesQW%eB#oh
zKmNt5diXtGddsj$=z~F%&>JR3MuW!I0qoZ?p;Qz|9pwd?1`_ai<7763<q=*+c18mk
zgbb@8zc{a<siC2vfswJXfstX9fj&Z(#ZZYw;l9)w2a6)5RSfgyR<VCkpL$4n+Fy=o
znT0o2ojlaByXPfx6~)NPz|zFXkmMT1Uo?58lDzi0u9qr7b!S-lmls&AJ@#MFaBj)`
ztJ7}?+5c1bl#I-cOxbv6+G5Y2HXN$2^R!Q~+1eP*D&DTycGJ%6OE}M|ov|GKVRxQt
z?|7PE&UGU0{eRBS?_av_*!+kg=BMt*D|NeefBdF6cXyUo#GARc8Cls3nybF@Okqp@
zp<H^BHzrPaZ~6bYcmBV6_U}Fxo)rK8+28k!$<FB^cco3ZUcTP2ukO^Wo!{@~2IVoh
z2wxAp+Hi*HK<aTRr|o<~9@n%E)cUAZ@h=w8Vc5I-xv%A>_&rC9CObUx>bbh;#<X8@
z0pF(0H)1>6Dt2i4h3fBrABY86Do9IlY+L$*Z8zh>CV>kEO#)}wxS>N3oB~XIhD`#y
z4VnbD!-JQdX+e{~3WFwrB}|OW;5v#`n~#}Eij~2j8c8Q3%Yq!1EQ1UtMn*PPEoK&0
zHUmRYm?OnDi-IZ_%d@Lln*Nnev-L8QUU@5?e0`?u)*Ojx-%Yp7Xqn2y#F4n;eEbT5
z!V?nwpp*CD5pEP^z|6$R$i&I8i))c<{>M%87Bul*Flb_BGH7Cc1#OK~r~G>}a|_dP
zkhM@Bfyx4d8bbqc=az+;M;%m=rz(VG=B5^xB<2>-VN3(mATc#GG%ztTGO{oN^|lO6
z4UG)Vpj-n-Ls<i9P`iMcM+D)n;LP;A)FK5Re?M4Tf{XlNlNa(VXWoS>NN?sU<2U8E
zj{Cph=gXj7-G6H*9azR1rn6}Cn$XE5FMl7ob>?~LiWNmI!T}0uKQ1nvdC#Dyt;1^h
z27@5R)qh)`ad0l`InTwzQ(gOH`R?%J|9cMB>UWjiVoz}kcX@mNqV{aVa~p&|&-)>F
z>vOSY!>((#i!@htp1;RDMMd)E`h%%I;+MTM31*yRci;G|kZa?Tc>#}S&l6}YlAjX8
zw0=gR@NCYvLQc{8Ni3@$iABHRN^_oYrNwmWAAYW!|9$(9Xr0eKnpB_rnP>Nr-@$@x
zbrz@6&F8wyp80#^T_Ed*k0<o<Gw1RNv#h(>5ahZ&>G9%BSCf5D54Ng*yz;*s+E!pZ
zXwbyC7pbNX(J+Z9=-(|8?&$6#aBl-!#s0t@cxrl+v#Ne)@0qt+ER0b5@$-@9y-zZe
z4VoCibs4DV#A?t4Drx^gvks)=^ua&_R-Z93ipgND=s|s&)a1lrQnwp}>T-D&9Rn=`
zjRk58RN9oFo<<!<0?jCZ^C0G663zwz2U^w!SMzhHU3qp`^vVa(_2xRi?nN%Gbf}V6
z?v3r{xM5&){eURXx+8CQTnL_|pmDr?8;>5-+SGpTRsOoSrgwk2^N+WRga6so%We<;
zD&_k5&04p7+i9!SYi+c%OzVxKWp2)CJ+oAO^^@ue%?2X#n(GfV<p~Au;tX5y%wSeX
z@sr!SfA1QY_ODv}U1{wJzQPM0vHMs34ES?w+qJZ>TQUPhpZ=+hR%nQL@8Zr~I3>A%
zF{`p{uK(ef3r~xFzrR!V@BQSimLm_%w`RO8-~P$4%yePX`!({84n___ulIPf=}i88
z=rU8sf{fZID|gY^Tn9p{UAR8JJ|M*Lf?-9LpJMi+V1`~Dn;(lE44PQj4VswVLrcM0
zpYY`QpFeCz3o5#d>VV2RBLfoyQ_ujji3wzA8NnUkl9<q#)8%rBh2Liiq{m#+o42E1
zIo<A$(<9DWuC5&te~KOS_a3<sa8&)oza1t83wVWX_Hy{mnw)QGersOp*Dc9kCY<oh
zja9g8`ImFo7pu?byfRZ*XSzMOWqKr4LhhK@Vxhz>dS5?u^7h=Z{l<1azfIML^N{oj
zzKV|CgGxJgDGJX%^{#8)-RkK7i(g(`+*tST|Fa&?C)Qj)1(p>V@76iu6;;G#8BlUp
zBd;>PZutt4^I@CAa+bdQaAe)jR|<U+$2CeGarkzsIaS7eOL*)WvG8}GXWS$&-<|KT
z6mPx7QvEn+{^`Y%v1_tt<ji~YrbO4p?m?m*yK9|EsoD&O*`@PN7`*k~U)~QXCecTi
zv6gxRJG#t?YjoM{(${;1!R#lMZ&b`q-Shcs^vfOf(#ppdo!_!j<K>UL1s#f(pKlw_
zIb7s?&DJS!`mVLIeUmPgb{~$N^YwJkovbXYyRSoP--={^zGgT1L~d0`{3qu=feU3Z
zvl)0~{Z84O{q^koA-kgOJMO(OStYt)T}=84o;9=OQa3;5H*hj}x$ZLK<>hysic4z(
zom*!m2;5nxeknWsq_J!M$r*ABX4U%&PJWpA|BbinXTMWQeBsxX*q<tGX@5EAvg_$Q
z`=@<7{<vL@Ik{mqt5vSK#^M!jsrjJ`Gdf-c*`54y<=HR$B~R2EwpwLhJN)#gQR4}t
zMII0P*cMAZ*?ijC`~HJ7e4EzKxY#^8x(u1(B9zldN0&kKNTZ|6qod1%YINDKiOJre
ziOCu~V9{YPp#3%`4tRHxlMUA6UC`KLAO&sS^D=TW8}g#`fbk7k7)2Q<BXqJDim`|U
zHq4c<{p{zuYegLsC-dr4o0j}^Hqb^gk%`Ap#z4wI!a$5gq?K*qrS-a&Qm1`=KY!To
ztG+Gi;|$~`9&}7Y=v6~ZDEkDx)$%VyHnh)Oe$m=FS-y?cxL)RHm5p1KQb$p7&xfP=
zEbndN))-xTc<`L$&l!rLb{j-*8TuPe_n&`t?S%8j>m8gr#YDW7V@(=Ls%+<-ESa%U
z-gU$OJpLTT@3+!-Up?O%YV5}Jq_R9!C}R1nKg^+uYiHlMx~W7`Iql5h-8_QM?Xnj2
z!oG~h^ZAN*y6M$V-Tu|5bDEQXrQ6fr%e8F2|2XvU?u=lgv?bMzSDPK!CU&O?FK<}w
zH*x+7??v@8kE$cy3EY@BeLZ(mU1?h3#gqKzFGQA^e`HKQ9mgpj_v_JZRZY&7+rqm&
go_8s16t7?Zro7!>^K3|Q;ggMB;ME(W#DIkW0A}r=tpET3

literal 0
HcmV?d00001

diff --git a/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources
new file mode 100644
index 000000000..0710b4008
--- /dev/null
+++ b/ext/bin/tap-mac/com.zerotier.tap.kext/Contents/_CodeSignature/CodeResources
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>files</key>
+	<dict/>
+	<key>files2</key>
+	<dict/>
+	<key>rules</key>
+	<dict>
+		<key>^Resources/</key>
+		<true/>
+		<key>^Resources/.*\.lproj/</key>
+		<dict>
+			<key>optional</key>
+			<true/>
+			<key>weight</key>
+			<real>1000</real>
+		</dict>
+		<key>^Resources/.*\.lproj/locversion.plist$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>1100</real>
+		</dict>
+		<key>^version.plist$</key>
+		<true/>
+	</dict>
+	<key>rules2</key>
+	<dict>
+		<key>.*\.dSYM($|/)</key>
+		<dict>
+			<key>weight</key>
+			<real>11</real>
+		</dict>
+		<key>^(.*/)?\.DS_Store$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>2000</real>
+		</dict>
+		<key>^(Frameworks|SharedFrameworks|PlugIns|Plug-ins|XPCServices|Helpers|MacOS|Library/(Automator|Spotlight|LoginItems))/</key>
+		<dict>
+			<key>nested</key>
+			<true/>
+			<key>weight</key>
+			<real>10</real>
+		</dict>
+		<key>^.*</key>
+		<true/>
+		<key>^Info\.plist$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+		<key>^PkgInfo$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+		<key>^Resources/</key>
+		<dict>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+		<key>^Resources/.*\.lproj/</key>
+		<dict>
+			<key>optional</key>
+			<true/>
+			<key>weight</key>
+			<real>1000</real>
+		</dict>
+		<key>^Resources/.*\.lproj/locversion.plist$</key>
+		<dict>
+			<key>omit</key>
+			<true/>
+			<key>weight</key>
+			<real>1100</real>
+		</dict>
+		<key>^[^/]+$</key>
+		<dict>
+			<key>nested</key>
+			<true/>
+			<key>weight</key>
+			<real>10</real>
+		</dict>
+		<key>^embedded\.provisionprofile$</key>
+		<dict>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+		<key>^version\.plist$</key>
+		<dict>
+			<key>weight</key>
+			<real>20</real>
+		</dict>
+	</dict>
+</dict>
+</plist>
diff --git a/ext/tap-mac/tuntap/Makefile b/ext/tap-mac/tuntap/Makefile
index 8d79577ee..53ab1a9d7 100644
--- a/ext/tap-mac/tuntap/Makefile
+++ b/ext/tap-mac/tuntap/Makefile
@@ -1,12 +1,95 @@
-TUNTAP_VERSION = 20131028
+# Lets have a version, at last!
+TUNTAP_VERSION = 20150118
+
+# BASE install directory
 BASE=
 
 all: tap.kext
 
+keysetup:
+	-security delete-keychain net.sf.tuntaposx.tmp
+	security create-keychain -p $$(head -c 32 /dev/urandom | hexdump -e '"%02x"') \
+		net.sf.tuntaposx.tmp
+	security set-keychain-settings -lut 60 net.sf.tuntaposx.tmp
+	security import identity.p12 -k net.sf.tuntaposx.tmp -f pkcs12 \
+		-P $$(read -sp 'identity passphrase: ' pw && echo "$$pw") -A
+	security find-identity -v net.sf.tuntaposx.tmp | \
+		awk -F \" '$$2 ~ /^Developer ID Application:/ { print $$2 }' > .signing_identity
+	security find-identity -v net.sf.tuntaposx.tmp | \
+		awk -F \" '$$2 ~ /^Developer ID Installer:/ { print $$2 }' > .installer_identity
+
+pkgbuild/%.pkg: %.kext
+	mkdir -p pkgbuild/$*_root/Library/Extensions
+	cp -pR $*.kext pkgbuild/$*_root/Library/Extensions
+	mkdir -p pkgbuild/$*_root/Library/LaunchDaemons
+	cp pkg/launchd/net.sf.tuntaposx.$*.plist pkgbuild/$*_root/Library/LaunchDaemons
+	pkgbuild --root pkgbuild/$*_root \
+		--component-plist pkg/components/$*.plist \
+		--scripts pkg/scripts/$* pkgbuild/$*.pkg
+
+tuntap_$(TUNTAP_VERSION).pkg: pkgbuild/tap.pkg pkgbuild/tun.pkg
+	productbuild --distribution pkg/distribution.xml --package-path pkgbuild \
+		--resources pkg/res.dummy \
+		tuntap_$(TUNTAP_VERSION).pkg ; \
+	pkgutil --expand tuntap_$(TUNTAP_VERSION).pkg pkgbuild/tuntap_pkg.d
+	cp -pR pkg/res/ pkgbuild/tuntap_pkg.d/Resources
+	pkgutil --flatten pkgbuild/tuntap_pkg.d tuntap_$(TUNTAP_VERSION).pkg
+	if test -s ".installer_identity"; then \
+		productsign --sign "$$(cat .installer_identity)" --keychain net.sf.tuntaposx.tmp \
+			tuntap_$(TUNTAP_VERSION).pkg tuntap_$(TUNTAP_VERSION).pkg.signed ; \
+		mv tuntap_$(TUNTAP_VERSION).pkg.signed tuntap_$(TUNTAP_VERSION).pkg ; \
+	fi
+
+pkg: tuntap_$(TUNTAP_VERSION).pkg
+	tar czf tuntap_$(TUNTAP_VERSION).tar.gz \
+		README.installer README tuntap_$(TUNTAP_VERSION).pkg 
+
+# Install targets
+# They are provided for the gentoo ebuild, but should work just fine for other people as well.
+install_%_kext: %.kext
+	mkdir -p $(BASE)/Library/Extensions
+	cp -pR $*.kext $(BASE)/Library/Extensions/
+	chown -R root:wheel $(BASE)/Library/Extensions/$*.kext
+	mkdir -p $(BASE)/Library/LaunchDaemons
+	cp pkg/launchd/net.sf.tuntaposx.$*.plist $(BASE)/Library/LaunchDaemons
+	chown -R root:wheel $(BASE)/Library/LaunchDaemons/net.sf.tuntaposx.$*.plist
+
+install: install_tap_kext install_tun_kext
+
+tarball: clean
+	touch tuntap_$(TUNTAP_VERSION)_src.tar.gz
+	tar czf tuntap_$(TUNTAP_VERSION)_src.tar.gz \
+		-C .. \
+		--exclude "tuntap/identity.p12" \
+		--exclude "tuntap/tuntap_$(TUNTAP_VERSION)_src.tar.gz" \
+		--exclude "tuntap/tuntap_$(TUNTAP_VERSION).tar.gz" \
+		--exclude "tuntap/tuntap_$(TUNTAP_VERSION).pkg" \
+		--exclude "*/.*" \
+		tuntap
+
 clean:
 	cd src/tap && make -f Makefile clean
+	cd src/tun && make -f Makefile clean
+	-rm -rf pkgbuild
+	-rm -rf tuntap_$(TUNTAP_VERSION).pkg
+	-rm -f tuntap_$(TUNTAP_VERSION).tar.gz
+	-rm -f tuntap_$(TUNTAP_VERSION)_src.tar.gz
 
-tap.kext:
-	cd src/tap && make TUNTAP_VERSION=$(TUNTAP_VERSION) -f Makefile all
+%.kext:
+	cd src/$* && make TUNTAP_VERSION=$(TUNTAP_VERSION) -f Makefile all
+	if test -s ".signing_identity"; then \
+		codesign -fv --keychain net.sf.tuntaposx.tmp -s "$$(cat .signing_identity)" \
+			$*.kext ; \
+	fi
+
+test:
+	# configd messes with interface flags, issuing SIOCSIFFLAGS ioctls upon receiving kernel
+	# events indicating protocols have been attached and detached. Unfortunately, configd does
+	# this asynchronously, making the SIOCSIFFLAGS changes totally unpredictable when we bring
+	# our interfaces up and down in rapid succession during our tests. I haven't found a good
+	# way to suppress or handle this mess other than disabling configd temporarily.
+	killall -STOP configd
+	-PYTHONPATH=test python test/tuntap/tuntap_tests.py --tests='$(TESTS)'
+	killall -CONT configd
 
 .PHONY: test
diff --git a/ext/tap-mac/tuntap/src/lock.cc b/ext/tap-mac/tuntap/src/lock.cc
index 0da48be22..9c78783a5 100644
--- a/ext/tap-mac/tuntap/src/lock.cc
+++ b/ext/tap-mac/tuntap/src/lock.cc
@@ -31,6 +31,8 @@
 
 extern "C" {
 
+#include <kern/clock.h>
+
 #include <sys/syslog.h>
 #include <sys/proc.h>
 
@@ -120,10 +122,13 @@ tt_mutex::sleep(void *cond)
 }
 
 void
-tt_mutex::sleep(void *cond, uint64_t timeout)
+tt_mutex::sleep(void *cond, uint64_t nanoseconds)
 {
-	if (lck != NULL)
-		lck_rw_sleep_deadline(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE, timeout);
+	if (lck != NULL) {
+		uint64_t abstime;
+		nanoseconds_to_absolutetime(nanoseconds, &abstime);
+		lck_rw_sleep_deadline(lck, LCK_SLEEP_DEFAULT, cond, THREAD_INTERRUPTIBLE, abstime);
+	}
 }
 
 void
@@ -188,9 +193,9 @@ tt_gate::sleep(void* cond)
 }
 
 void
-tt_gate::sleep(void* cond, uint64_t timeout)
+tt_gate::sleep(void* cond, uint64_t nanoseconds)
 {
-	slock.sleep(cond, timeout);
+	slock.sleep(cond, nanoseconds);
 }
 
 void
diff --git a/ext/tap-mac/tuntap/src/tap/Makefile b/ext/tap-mac/tuntap/src/tap/Makefile
index ee1f5457f..306a86d7f 100644
--- a/ext/tap-mac/tuntap/src/tap/Makefile
+++ b/ext/tap-mac/tuntap/src/tap/Makefile
@@ -19,18 +19,18 @@ BUNDLE_SIGNATURE = ????
 BUNDLE_PACKAGETYPE = KEXT
 BUNDLE_VERSION = $(TAP_KEXT_VERSION)
 
-INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Headers -I/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.8.sdk/System/Library/Frameworks/Kernel.framework/Headers
-CFLAGS = -Wall -mkernel -force_cpusubtype_ALL \
-	-fno-builtin -fno-stack-protector -arch i386 -arch x86_64 \
-	-DKERNEL -D__APPLE__ -DKERNEL_PRIVATE -DTUNTAP_VERSION=\"$(TUNTAP_VERSION)\" \
+INCLUDE = -I.. -I/System/Library/Frameworks/Kernel.framework/Headers
+CFLAGS = -Wall -Werror -mkernel -force_cpusubtype_ALL \
+	-nostdinc -fno-builtin -fno-stack-protector -msoft-float -fno-common \
+	-arch x86_64 \
+	-DKERNEL -DAPPLE -DKERNEL_PRIVATE -DTUNTAP_VERSION=\"$(TUNTAP_VERSION)\" \
 	-DTAP_KEXT_VERSION=\"$(TAP_KEXT_VERSION)\"
 CCFLAGS = $(CFLAGS)
-LDFLAGS = -Wall -mkernel -nostdlib -r -lcc_kext -arch i386 -arch x86_64 -Xlinker -kext
+LDFLAGS = -Wall -Werror -arch x86_64 -Xlinker -kext -nostdlib -lkmodc++ -lkmod -lcc_kext
 
-#CCP = g++
-#CC = gcc
-CCP = ../../../../llvm-g++-Xcode4.6.2/bin/llvm-g++
-CC = ../../../../llvm-g++-Xcode4.6.2/bin/llvm-gcc
+CCP = clang -x c++
+CC = clang -x c
+LD = clang
 
 all: $(KMOD_BIN) bundle
 
@@ -40,7 +40,7 @@ all: $(KMOD_BIN) bundle
 	$(CCP) $(CCFLAGS) $(INCLUDE) -c $< -o $@
 
 $(KMOD_BIN):	$(OBJS)
-	$(CCP) $(LDFLAGS) -o $(KMOD_BIN) $(OBJS)
+	$(LD) $(LDFLAGS) -o $(KMOD_BIN) $(OBJS)
 
 bundle:	$(KMOD_BIN)
 	rm -rf $(BUNDLE_DIR)/$(BUNDLE_NAME)
diff --git a/ext/tap-mac/tuntap/src/tap/tap.cc b/ext/tap-mac/tuntap/src/tap/tap.cc
index 149f1e719..b348a85e8 100644
--- a/ext/tap-mac/tuntap/src/tap/tap.cc
+++ b/ext/tap-mac/tuntap/src/tap/tap.cc
@@ -38,6 +38,8 @@ extern "C" {
 #include <sys/random.h>
 #include <sys/kern_event.h>
 
+#include <mach/thread_policy.h>
+
 #include <net/if_types.h>
 #include <net/if_arp.h>
 #include <net/if_dl.h>
@@ -89,10 +91,25 @@ struct ifmediareq32 {
 #define	SIOCGIFMEDIA32	_IOWR('i', 56, struct ifmediareq32) /* get net media */
 #define	SIOCGIFMEDIA64	_IOWR('i', 56, struct ifmediareq64) /* get net media (64-bit) */
 
+/* thread_policy_set is exported in Mach.kext, but commented in mach/thread_policy.h in the
+ * Kernel.Framework headers (why?). Add a local declaration to work around that.
+ */
+extern "C" {
+kern_return_t thread_policy_set(
+	thread_t thread,
+	thread_policy_flavor_t flavor,
+	thread_policy_t policy_info,
+	mach_msg_type_number_t count);
+}
 
 static unsigned char ETHER_BROADCAST_ADDR[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 
 /* members */
+tap_interface::tap_interface() {
+	bzero(attached_protos, sizeof(attached_protos));
+	input_thread = THREAD_NULL;
+}
+
 bool
 tap_interface::initialize(unsigned short major, unsigned short unit)
 {
@@ -166,6 +183,30 @@ tap_interface::initialize_interface()
 	 */
 	bpfattach(ifp, DLT_EN10MB, ifnet_hdrlen(ifp));
 
+	/* Inject an empty packet to trigger the input thread calling demux(), which will unblock
+	 * thread_sync_lock. This is part of a hack to avoid a kernel crash on re-attaching
+	 * interfaces, see comment in shutdown_interface for more information.
+	 */
+	mbuf_t empty_mbuf;
+	mbuf_gethdr(MBUF_WAITOK, MBUF_TYPE_DATA, &empty_mbuf);
+	if (empty_mbuf != NULL) {
+		mbuf_pkthdr_setrcvif(empty_mbuf, ifp);
+		mbuf_pkthdr_setlen(empty_mbuf, 0);
+		mbuf_pkthdr_setheader(empty_mbuf, mbuf_data(empty_mbuf));
+		mbuf_set_csum_performed(empty_mbuf, 0, 0);
+		if (ifnet_input(ifp, empty_mbuf, NULL) == 0) {
+			auto_lock l(&thread_sync_lock);
+			for (int i = 0; i < 100 && input_thread == THREAD_NULL; ++i) {
+				dprintf("input thread not found, waiting...\n");
+				thread_sync_lock.sleep(&input_thread, 10000000);
+			}
+		} else {
+			mbuf_freem(empty_mbuf);
+		}
+	}
+	if (input_thread == THREAD_NULL)
+		dprintf("Failed to determine input thread!\n");
+
 	return 0;
 }
 
@@ -186,6 +227,36 @@ tap_interface::shutdown_interface()
 
 	cleanup_interface();
 	unregister_interface();
+
+	/* There's a race condition in the kernel that may cause crashes when quickly re-attaching
+	 * interfaces. The crash happens when the interface gets re-attached before the input thread
+	 * for the interface managed to terminate, in which case an assert on the input_waiting flag
+	 * to be clear triggers in ifnet_attach. The bug is really that there's no synchronization
+	 * for terminating the input thread. To work around this, the following code does add the
+	 * missing synchronization to wait for the input thread to terminate. Of course, threading
+	 * primitives available to kexts are few, and I'm not aware of a way to wait for a thread to
+	 * terminate. Hence, the code calls thread_policy_set (passing bogus parameters) in a loop,
+	 * until it returns KERN_TERMINATED. Since this is all rather fragile, there's an upper
+	 * limit on the loop iteratations we're willing to make, so this terminates eventually even
+	 * if things change on the kernel side eventually.
+	 */
+	if (input_thread != THREAD_NULL) {
+		dprintf("Waiting for input thread...\n");
+		kern_return_t result = 0;
+		for (int i = 0; i < 100; ++i) {
+			result = thread_policy_set(input_thread, -1, NULL, 0);
+			dprintf("thread_policy_set result: %d\n", result);
+			if (result == KERN_TERMINATED) {
+				dprintf("Input thread terminated.\n");
+				thread_deallocate(input_thread);
+				input_thread = THREAD_NULL;
+				break;
+			}
+
+			auto_lock l(&thread_sync_lock);
+			thread_sync_lock.sleep(&input_thread, 10000000);
+		}
+	}
 }
 
 errno_t
@@ -263,6 +334,16 @@ tap_interface::if_demux(mbuf_t m, char *header, protocol_family_t *proto)
 
 	dprintf("tap: if_demux\n");
 
+	/* Make note of what input thread this interface is running on. This is part of a hack to
+	 * avoid a crash on re-attaching interfaces, see comment in shutdown_interface for details.
+	 */
+	if (input_thread == THREAD_NULL) {
+		auto_lock l(&thread_sync_lock);
+		input_thread = current_thread();
+		thread_reference(input_thread);
+		thread_sync_lock.wakeup(&input_thread);
+	}
+
 	/* size check */
 	if (mbuf_len(m) < sizeof(struct ether_header))
 		return ENOENT;
diff --git a/ext/tap-mac/tuntap/src/tap/tap.h b/ext/tap-mac/tuntap/src/tap/tap.h
index 72339a95c..a5164d4a1 100644
--- a/ext/tap-mac/tuntap/src/tap/tap.h
+++ b/ext/tap-mac/tuntap/src/tap/tap.h
@@ -30,12 +30,15 @@
 
 #include "tuntap.h"
 
+extern "C" {
+
+#include <kern/thread.h>
+
+}
+
 #define TAP_FAMILY_NAME			((char *) "zt")
-
 #define TAP_IF_COUNT			32	/* max number of tap interfaces */
-
 #define TAP_MTU				2800
-
 #define TAP_LLADDR			tap_lladdr
 
 /* the mac address of our interfaces. note that the last byte will be replaced by the unit number */
@@ -52,6 +55,8 @@ class tap_manager : public tuntap_manager {
 
 /* the tap network interface */
 class tap_interface : public tuntap_interface {
+        public:
+	   	tap_interface();
 
 	protected:
 		/* maximum number of protocols that can be attached */
@@ -67,6 +72,9 @@ class tap_interface : public tuntap_interface {
 			protocol_family_t proto;
 		} attached_protos[MAX_ATTACHED_PROTOS];
 
+		/* The input thread for the network interface. */
+		thread_t input_thread;
+
 		/* initializes the interface */
 		virtual bool initialize(unsigned short major, unsigned short unit);
 
diff --git a/ext/tap-mac/tuntap/src/tuntap.cc b/ext/tap-mac/tuntap/src/tuntap.cc
index 7fdbb7959..d0f89018b 100644
--- a/ext/tap-mac/tuntap/src/tuntap.cc
+++ b/ext/tap-mac/tuntap/src/tuntap.cc
@@ -384,10 +384,10 @@ tuntap_interface::unregister_interface()
 		dprintf("interface detaching\n");
 
 		/* Wait until the interface has completely been detached. */
-		detach_lock.lock();
+		thread_sync_lock.lock();
 		while (!interface_detached)
-			detach_lock.sleep(&interface_detached);
-		detach_lock.unlock();
+			thread_sync_lock.sleep(&interface_detached);
+		thread_sync_lock.unlock();
 
 		dprintf("interface detached\n");
 
@@ -642,15 +642,14 @@ tuntap_interface::cdev_write(uio_t uio, int ioflag)
 	unsigned int mlen = mbuf_maxlen(first);
 	unsigned int chunk_len;
 	unsigned int copied = 0;
+	unsigned int max_data_len = ifnet_mtu(ifp) + ifnet_hdrlen(ifp);
 	int error;
 
 	/* stuff the data into the mbuf(s) */
 	mb = first;
 	while (uio_resid(uio) > 0) {
 		/* copy a chunk. enforce mtu (don't know if this is correct behaviour) */
-		// ... evidently not :) -- Adam Ierymenko <adam.ierymenko@zerotier.com>
-		//chunk_len = min(ifnet_mtu(ifp), min(uio_resid(uio), mlen));
-		chunk_len = min(uio_resid(uio),mlen);
+		chunk_len = min(max_data_len - copied, min(uio_resid(uio), mlen));
 		error = uiomove((caddr_t) mbuf_data(mb), chunk_len, uio);
 		if (error) {
 			log(LOG_ERR, "tuntap: could not copy data from userspace: %d\n", error);
@@ -666,9 +665,7 @@ tuntap_interface::cdev_write(uio_t uio, int ioflag)
 		copied += chunk_len;
 
 		/* if done, break the loop */
-		//if (uio_resid(uio) <= 0 || copied >= ifnet_mtu(ifp))
-		//	break;
-		if (uio_resid(uio) <= 0)
+		if (uio_resid(uio) <= 0 || copied >= max_data_len)
 			break;
 
 		/* allocate a new mbuf if the current is filled */
@@ -956,10 +953,10 @@ tuntap_interface::if_detached()
 	dprintf("tuntap: if_detached\n");
 
 	/* wake unregister_interface() */
-	detach_lock.lock();
+	thread_sync_lock.lock();
 	interface_detached = true;
-	detach_lock.wakeup(&interface_detached);
-	detach_lock.unlock();
+	thread_sync_lock.wakeup(&interface_detached);
+	thread_sync_lock.unlock();
 
 	dprintf("if_detached done\n");
 }
diff --git a/ext/tap-mac/tuntap/src/tuntap.h b/ext/tap-mac/tuntap/src/tuntap.h
index f10d4a067..d5f398d01 100644
--- a/ext/tap-mac/tuntap/src/tuntap.h
+++ b/ext/tap-mac/tuntap/src/tuntap.h
@@ -197,7 +197,7 @@ class tuntap_interface {
 		/* synchronization */
 		tt_mutex lock;
 		tt_mutex bpf_lock;
-		tt_mutex detach_lock;
+		tt_mutex thread_sync_lock;
 
 		/* the interface structure registered */
 		ifnet_t ifp;