From f26025058075d91cd69ac892c373fd1d4d7f605d Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 30 Nov 2015 15:39:34 -0800 Subject: [PATCH 1/7] Simplify IP assignment logic in OSXEthernetTap, also fix for GitHub issue #249 --- osdep/OSXEthernetTap.cpp | 45 +++++++++++++--------------------------- 1 file changed, 14 insertions(+), 31 deletions(-) diff --git a/osdep/OSXEthernetTap.cpp b/osdep/OSXEthernetTap.cpp index 6b6f360b3..3e43cf955 100644 --- a/osdep/OSXEthernetTap.cpp +++ b/osdep/OSXEthernetTap.cpp @@ -143,7 +143,7 @@ static inline int _intl_getifmaddrs(struct _intl_ifmaddrs **pif) } free(buf); buf = NULL; - } + } } while (buf == NULL); for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { @@ -475,37 +475,11 @@ bool OSXEthernetTap::enabled() const return _enabled; } -static bool ___removeIp(const std::string &_dev,const InetAddress &ip) -{ - long cpid = (long)vfork(); - if (cpid == 0) { - execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"inet",ip.toIpString().c_str(),"-alias",(const char *)0); - _exit(-1); - } else if (cpid > 0) { - int exitcode = -1; - waitpid(cpid,&exitcode,0); - return (exitcode == 0); - } - return false; // never reached, make compiler shut up about return value -} - bool OSXEthernetTap::addIp(const InetAddress &ip) { if (!ip) return false; - std::vector allIps(ips()); - if (std::binary_search(allIps.begin(),allIps.end(),ip)) - return true; - - // Remove and reconfigure if address is the same but netmask is different - for(std::vector::iterator i(allIps.begin());i!=allIps.end();++i) { - if ((i->ipsEqual(ip))&&(i->netmaskBits() != ip.netmaskBits())) { - if (___removeIp(_dev,*i)) - break; - } - } - long cpid = (long)vfork(); if (cpid == 0) { ::execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),ip.isV4() ? "inet" : "inet6",ip.toString().c_str(),"alias",(const char *)0); 
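Review bot: With the `ips()` lookup and the `binary_search` early return gone, every call to addIp() now forks and runs `/sbin/ifconfig … alias` even when the address is already configured on the tap, so the return value depends on how ifconfig reports an already-present alias rather than on the interface's state; if callers treat addIp() as idempotent, keeping `std::vector<InetAddress> allIps(ips());` and `if (std::binary_search(allIps.begin(),allIps.end(),ip)) return true;` ahead of the vfork() would preserve that. The child branch passes `ip.toString()` while the new removeIp() in the next hunk passes `ip.toIpString()`; a one-line comment on the execl() line stating that the add side intentionally includes the prefix length would stop a later reader from "fixing" the mismatch. Arguments reach ifconfig as a direct argv with an absolute path and no shell, which is the right shape for this call. addIp()'s body continues past the end of the hunk.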
@@ -524,9 +498,18 @@ bool OSXEthernetTap::removeIp(const InetAddress &ip) if (!ip) return true; std::vector allIps(ips()); - if (!std::binary_search(allIps.begin(),allIps.end(),ip)) { - if (___removeIp(_dev,ip)) - return true; + for(std::vector::iterator i(allIps.begin());i!=allIps.end();++i) { + if (*i == ip) { + long cpid = (long)vfork(); + if (cpid == 0) { + execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),"inet",ip.toIpString().c_str(),"-alias",(const char *)0); + _exit(-1); + } else if (cpid > 0) { + int exitcode = -1; + waitpid(cpid,&exitcode,0); + return (exitcode == 0); + } + } } return false; } @@ -564,7 +547,7 @@ std::vector OSXEthernetTap::ips() const freeifaddrs(ifa); std::sort(r.begin(),r.end()); - std::unique(r.begin(),r.end()); + r.erase(std::unique(r.begin(),r.end()),r.end()); return r; } From c21882da9ce3dca08dc3ca096482ff69b7355e13 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 30 Nov 2015 16:07:02 -0800 Subject: [PATCH 2/7] Put selftest back and turn off tracing in PortMapper. --- osdep/PortMapper.cpp | 2 +- selftest.cpp | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/osdep/PortMapper.cpp b/osdep/PortMapper.cpp index 5c0179312..87c886c2a 100644 --- a/osdep/PortMapper.cpp +++ b/osdep/PortMapper.cpp @@ -28,7 +28,7 @@ #ifdef ZT_USE_MINIUPNPC // Uncomment to dump debug messages -#define ZT_PORTMAPPER_TRACE 1 +//#define ZT_PORTMAPPER_TRACE 1 #include #include diff --git a/selftest.cpp b/selftest.cpp index e68f564cf..4e9219b2e 100644 --- a/selftest.cpp +++ b/selftest.cpp @@ -1096,7 +1096,7 @@ int main(int argc,char **argv) srand((unsigned int)time(0)); - /* + ///* r |= testSqliteNetworkController(); r |= testOther(); r |= testCrypto(); 
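Review bot: The `-alias` call in the new loop hard-codes `"inet"` as the address family, while addIp() in the previous hunk selects `ip.isV4() ? "inet" : "inet6"`; for an IPv6 address that ips() reports as present this runs `ifconfig <dev> inet <v6addr> -alias`, which should be rejected by ifconfig and make removeIp() return false without removing anything. Mirror the add side: `execl("/sbin/ifconfig","/sbin/ifconfig",_dev.c_str(),ip.isV4() ? "inet" : "inet6",ip.toIpString().c_str(),"-alias",(const char *)0);`. `return (exitcode == 0)` also compares the raw waitpid() status, which happens to be right only for a normal zero exit; `return (WIFEXITED(exitcode) && (WEXITSTATUS(exitcode) == 0));` says what is meant. removeIp() opens before the hunk.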
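Review bot: The `/*` → `///*` edit here and the `*/` → `//*/` plus new `/*` … `*/` edits in the next hunk (`@@ -1106,17 +1106,19 @@`) rely on the comment-toggle trick to switch the test list on and the port-mapper block off, which is hard to read and easy to leave in the wrong state after the next edit; `#if 1` … `#endif` around the test calls and `#if 0` … `#endif` around the port-mapper block express the same intent explicitly and can be flipped without touching comment delimiters. main() extends well beyond both hunks.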
@@ -1106,17 +1106,19 @@ int main(int argc,char **argv) r |= testPhy(); r |= testResolver(); //r |= testHttp(); - */ + //*/ if (r) std::cout << std::endl << "SOMETHING FAILED!" << std::endl; + /* #ifdef ZT_USE_MINIUPNPC std::cout << std::endl; std::cout << "[portmapper] Starting port mapper and waiting forever... use CTRL+C to exit. (enable ZT_PORTMAPPER_TRACE in PortMapper.cpp for output)" << std::endl; PortMapper mapper(12345,"ZeroTier/__selftest"); Thread::sleep(0xffffffff); #endif + */ return r; } From d73edfea5654665a2b491c4570369d6410363db2 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 30 Nov 2015 16:12:03 -0800 Subject: [PATCH 3/7] GitHub issue #257 --- .../Contents/MacOS/ZeroTier One | Bin 152736 -> 152736 bytes .../Contents/Resources/en.lproj/Window.nib | Bin 3723 -> 3616 bytes .../Contents/_CodeSignature/CodeResources | 4 ++-- .../src/MacGap/en.lproj/Window.xib | 16 ++++++++-------- 4 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/ext/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/MacOS/ZeroTier One b/ext/mac-ui-macgap1-wrapper/bin/ZeroTier One.app/Contents/MacOS/ZeroTier One index ba15bca9569dfc5ab63846bcca3f8a82c46c8598..8e38b861af65b371afeb86780235a6ab74bc69c0 100755 GIT binary patch delta 781 zcmV+o1M>W!sR^K|34nwFv;w^?6t`hpX&LNQU#A_O3)M{p^3aX?#L_o~fPvvg=pnPr&eP*^HEoxkMvbS7ah??C!>7x=WIx`~oewVlE$!LwtbydYOInS@T-#%|bpuiXe~Vit zt3x)`Ltx7D;w!U>Ebm z0;mozGB7bPFflPOI9f0x1_>&LNQU#76cRptdJwN(SbSo$}BEc(@2bviJFg> z*--*Oe_lh{*!EW*0L~;Qy&uOh;{afE!?I*Nm^z#5endfqqHR*h1O& zhMz_>!Eozt2%v?32_iCHS8a7Pi4NIJ#4bc(d(Txn7f?8p@(nQ`OScBC5tZNXC?6bB z0f>_jvcy3j--snzN*m@H7%Vb_v3h&a-Ko;DfANJJGQf|Q+=p6z=2A#5^Hk8M)PQvdR8 zI+z15BOo?3X(2rN!BvbgC1HjK#RXpd_qp$mH{!#s#cWP51!1t9jCF`M41xxHbt&9M L0@2vB(GZ6L7!XW!sR^K|34nwFv;w^?6s6HTHswmHwW~hA0}CxvJ~H59H@DF(0wxoGF)=nW zGBP+dF&LNQU#A_O3;+yvZjk~1`4ODWiyHD(*SsWV)y>lTNs@hg#7 zNdz=74F(A+hDe6@4FLfG1pows0RUb-guYp>bQ%L**ra%aaot0kE=3q1duYb1C}Z8r z(SJ@!ll#&4mZ$?T`g}`(0UGFkChl1`0@&{*r_BD_alK+hB7MWe{V<6jS_u>h)y{|z z%df@Rs8K2!kM8I6m)v4HEPB8B0ONoGvDI24ij(&ogmyK@A_V3QiD=^)sUlwG;a>&U zy}DwW)Kldeb$1h; zk&TAyZ?h%sOD?ue&BxU}@FO4@Of{(mky)hJv;3&O#LTc%Hz2vKsA&LNQU#76cUg#k}Du#6mhvF4+_5QTap2Xf2YL z*--*Oe?13>qh(CIsExVL=A*-{Us<-pR<4(n8msB`q#4hY7F3<=wIRCX+F{YgezsuL z&S{$1GDjZp=@x!`OU(_X z`LR@Y?IK+_nRMksTAvNLb;?%e%E^`@dWVFx7 z8N2UxL#`efyU!w1Re;$|U) z820)oRImxl(+ z<%nR5Jf~_r*Er*eI#1-|c#t*aaH1IZq6DRwj|GBXITi-JN};4EJ`p_#J%A1ysYr5-i0saqhu#0qhjeE8rDDs6nlm?-%=A_{CU-hTvej zbXu&=NAeh*$Maau`jP&^w-G!djNORjJy?S#Jb-4bMF1QR;vqbYNAOdu!=v2f{enkn z^#1d76$w0t=SB49tn|CwUdw6u+wdG-K*GHarx40+#iFPaFA9R&gsFlcVkaQspT&6SxYRRRa0fvx8gM<{Lfif_jT+m6}q7ix8rru z4*QW%?r_et>g#H2sx4nw>kS;N=ry0?^SK(^@J0ZKkRZr*%eT24esUCViYIwqSAD&+ z!Btmh`C4%l361L~Tldv@U4E+-ZzCa`(0Ac($1%Kz-{Ck<;c0vVpUB6Y#RvEhCqzyLio!UB)4{&_ z$N=MZo?2dYtL(x?I&rqr9O!U5Jnp$GMZ@?-Vb)kx{#sufI&n_KwEM32^mgzhe2mjv z;x?YnQ%f4UyYAL~E?oFT+%r+k89Y9}{?ET5wwQ#-VH(|+z7M_b^}8=f>p>{7D5rt zN_5=VDQ1AZJIOFIoagd9KAqpg^Z5*3zzg|I 
zo^29SHWibaHd8G&HB%28On|$Ej|uM+aib+fM6?e{A$F0c!rZy;ZLXG zNxFj`qgQPawpiN~TY=4M`OD$HHtM{vG)koD$>SlG9x?g=$J*J*kKUTj~uc+5GNi(!)ZG@Jkm1}Nog|=3E zSbIWyMte4(J+E!nwrbn7z1k7&xOPfAqjhTMv@Y#4?Q31unLb1xrzh&kx?NAxC+Rcw z*}6k7(&y=AdV{`6Z_#(@uj+gBz4|`=fPPRvtY6Zl^x3bvTJ z*$Q?at7Xk>9b3;fvaM_z3v6d?>?O8??Pc$>_t?~_s+fN%zys# zpL1Vr_f^r)c9K)bh_zk%2Ofb64L#8Zu^50saA7K@As2ag6c*;76!XEc7SADwb$A}@ z@d94N@9+|SkC*WZUd3yu7Z@Ax2fTqTco#dd2Or==e2h==kae` z#DDPvZs14U#NAk;5S3`eAdw`R*x@7t$UqWD;*moV$ROe%L&&hTr?0dh%*XO{p31X0 z70b!9c}DOo;ge&|m{D+GFcL8YNf?S@NXBraU<9Ht5~DC0sdxxukcM<*U@XRAJSJcw zGV!ojlQ9KOWFcF4bAq)}{J@z`SDwdLQdTq7Q|Yy)J6%)U3tXOGSutR{vhvr6mK?Fy%}%e?L4O|VZODnqPCXz zYd~N0!#mhoXtr-nH`Y@eQRyl3x%~_4g>PH1Ozjxhj`wEeSw-1?YmVi&e8pBp9d^L} ze`jI5UD%x`Vnb?gz%FqQ--o@x>B_Mx%FBEumOmV|7yD+l=1lYZ-6Gpw?1x)kbi z58+7##o=2M9;=X&r|{3`#Z|%TJ6y;2g=Y7rbm;=i6I`m> z*=SP|8Ak9?d}MH^J~MC&w+qdVKL`0rTdCFK7Vi9la9EX}h`a&!L^8pOKO`83Sfw?H zOBh8cdh;<{5nr9O@^Y`I*c}?1u-f~HUKeU+69{2M4r~xqJA`lqt5D?;Arx^JNfePc z2~Ts5)(%Lm*;;zh9N$C4lb$4o^dh}U9}-LYl78etK8}y)6Zk})$sgvE_+&nXr4vPx zZRNgls$3w?m6yq{%3I{!@(%6a8$+L`vE z!)Q9qrUlfZkJH68KsjAPm(pc)IbBIt(P!wh^f|hYzCw4?J#-)afCdiGkLjoMAU#A6 z)6eM<+CUrWF?yWdv_;wyYz4N3wpF%`wym~fwri@Y_EATx6V*r5S*oSZSF6<;b*Z{W zU9Y~VzNEgaZc^V-x2oIJ?dm?YQ9Y?%P_JsxsMbM?*7|A*+6XN}%h9H5Zq2JzX-l=0 zT3tZftnJkHYX`NH+F9*C+BNOE_Jj7Lc1ydXx6wQ4v3i`IpgZ(LJxL#-{QoUMV zuCLTr>8tfM`g(n%zDa*W->ko_@6a3d@ASKdYUlc(MU5U7+#~wSZ%B` z>Ww#z?Zyscm+`)_*Vu0a4jPAy!^R2YU&aOFs&UJ>WBkOxB&M)7EQa-Fv8*5K&jzqK zmcSe=ktMOwESu%9sVtX0%JSI^HjB+>MXZF)VRP9$=4C!s&irf hash - 7dgumnPDtoIzhi9QoaFhDvCo9ys= + aP0mIANPPnnTMmxYlELioz9ZO1I= optional @@ -82,7 +82,7 @@ hash - 7dgumnPDtoIzhi9QoaFhDvCo9ys= + aP0mIANPPnnTMmxYlELioz9ZO1I= optional diff --git a/ext/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Window.xib b/ext/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Window.xib index 2c46b79fd..fa70acaa5 100644 --- a/ext/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Window.xib +++ b/ext/mac-ui-macgap1-wrapper/src/MacGap/en.lproj/Window.xib 
@@ -13,22 +13,22 @@ - + - - + + - - - + - + - + + + From be44b15eacc7f34365d86e717e847b86000cbec4 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 30 Nov 2015 16:15:23 -0800 Subject: [PATCH 4/7] Fix for GitHub issue #252 --- ext/installfiles/linux/DEBIAN/control.in | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/installfiles/linux/DEBIAN/control.in b/ext/installfiles/linux/DEBIAN/control.in index d774b61e9..dab6587f5 100644 --- a/ext/installfiles/linux/DEBIAN/control.in +++ b/ext/installfiles/linux/DEBIAN/control.in @@ -3,6 +3,7 @@ Architecture: __ARCH__ Maintainer: ZeroTier, Inc. Priority: optional Version: __VERSION__ +Installed-Size: 1024 Homepage: https://github.com/zerotier/ZeroTierOne Description: ZeroTier One network virtualization service ZeroTier One is a fast, secure, and easy to use peer to peer network From 944fdfb65e260ed58a91097e42747ccb80c06f6f Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 30 Nov 2015 16:44:32 -0800 Subject: [PATCH 5/7] Low-impact sanity check against GitHub issue #247 -- will likely prevent other weird recursions too. --- service/OneService.cpp | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/service/OneService.cpp b/service/OneService.cpp index 3d0272376..33fb26acb 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp 
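Review bot: `Installed-Size: 1024` is a fixed value in a template whose other fields (`__ARCH__`, `__VERSION__`) are substituted at build time, so the field will not track the real footprint of the package and dpkg's free-space check will be based on a guess. Since the file is already a `.in` template, a token such as `Installed-Size: __INSTALLED_SIZE__` (constructed name) filled from the staged tree's size in KiB at the same substitution step would keep the field honest. If the package is assembled by a tool that generates the control file itself, the line can be dropped and left to that tool.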
@@ -340,6 +340,26 @@ public: static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker; #endif // ZT_AUTO_UPDATE +static bool isBlacklistedLocalInterfaceForZeroTierTraffic(const char *ifn) +{ +#if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux) + if ((ifn[0] == 'l')&&(ifn[1] == 'o')) return true; // loopback + if ((ifn[0] == 'z')&&(ifn[1] == 't')) return true; // sanity check: zt# + if ((ifn[0] == 't')&&(ifn[1] == 'u')&&(ifn[2] == 'n')) return true; // tun# is probably an OpenVPN tunnel or similar + if ((ifn[0] == 't')&&(ifn[1] == 'a')&&(ifn[2] == 'p')) return true; // tap# is probably an OpenVPN tunnel or similar +#endif + +#ifdef __APPLE__ + if ((ifn[0] == 'l')&&(ifn[1] == 'o')) return true; // loopback + if ((ifn[0] == 'z')&&(ifn[1] == 't')) return true; // sanity check: zt# + if ((ifn[0] == 't')&&(ifn[1] == 'u')&&(ifn[2] == 'n')) return true; // tun# is probably an OpenVPN tunnel or similar + if ((ifn[0] == 't')&&(ifn[1] == 'a')&&(ifn[2] == 'p')) return true; // tap# is probably an OpenVPN tunnel or similar + if ((ifn[0] == 'u')&&(ifn[1] == 't')&&(ifn[2] == 'u')&&(ifn[3] == 'n')) return true; // ... as is utun# +#endif + + return false; +} + static std::string _trimString(const std::string &s) { unsigned long end = (unsigned long)s.length(); @@ -753,7 +773,7 @@ public: if ((getifaddrs(&ifatbl) == 0)&&(ifatbl)) { struct ifaddrs *ifa = ifatbl; while (ifa) { - if ((ifa->ifa_name)&&(ifa->ifa_addr)) { + if ((ifa->ifa_name)&&(ifa->ifa_addr)&&(!isBlacklistedLocalInterfaceForZeroTierTraffic(ifa->ifa_name))) { bool isZT = false; for(std::vector::const_iterator d(ztDevices.begin());d!=ztDevices.end();++d) { if (*d == ifa->ifa_name) { From ceaef19fb70523852441c8dd3ba647fa6ad217b9 Mon Sep 17 00:00:00 2001 
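Review bot: The Linux and Apple branches of isBlacklistedLocalInterfaceForZeroTierTraffic() repeat the same four character-by-character checks and differ only by the `utun` entry, so every future addition has to be made twice; a single prefix table walked with strncmp() makes the list the data it really is (this assumes `<string.h>`/`<cstring>` is already reachable from OneService.cpp, which is very likely given the rest of the file but not visible here). The checks are prefix matches, not name matches: `lo` also excludes any interface whose name merely starts with "lo", and `tun`/`tap` exclude VM or container tap devices that may be a host's real uplink — presumably acceptable for a sanity check against self-recursion, but a comment saying the prefix semantics are intentional would help. Reading `ifn[1]`..`ifn[3]` is safe as written only because each `&&` chain stops at the first mismatching byte and so never steps past the NUL; the table version keeps that property through strncmp(). The call site in the second hunk sits inside a function that starts before the hunk.
```cpp
static bool isBlacklistedLocalInterfaceForZeroTierTraffic(const char *ifn)
{
	// Prefix match on purpose: "lo" covers lo0, "tun" covers tun0..tunN, and so on.
	static const char *const kBlacklistedPrefixes[] = {
#if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux) || defined(__APPLE__)
		"lo",  // loopback
		"zt",  // sanity check: our own zt# devices
		"tun", // tun# is probably an OpenVPN tunnel or similar
		"tap", // tap# is probably an OpenVPN tunnel or similar
#endif
#ifdef __APPLE__
		"utun", // ... as is utun#
#endif
		(const char *)0
	};
	for(const char *const *p = kBlacklistedPrefixes;*p;++p) {
		if (strncmp(ifn,*p,strlen(*p)) == 0)
			return true;
	}
	return false;
}
```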
From: Adam Ierymenko Date: Mon, 30 Nov 2015 17:20:12 -0800 Subject: [PATCH 6/7] Fix for GitHub issue #260 -- fix for (non-exploitable) crash in network preferred relay code --- node/Peer.hpp | 1 - node/Switch.cpp | 10 ++++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/node/Peer.hpp b/node/Peer.hpp index 7b8d18eae..5816db69f 100644 --- a/node/Peer.hpp +++ b/node/Peer.hpp @@ -263,7 +263,6 @@ public: return (l * (((unsigned int)tsr / (ZT_PEER_DIRECT_PING_DELAY + 1000)) + 1)); } - /** * Update latency with a new direct measurment * diff --git a/node/Switch.cpp b/node/Switch.cpp index 74e2f4c61..bf0d1aff1 100644 --- a/node/Switch.cpp +++ b/node/Switch.cpp @@ -820,10 +820,12 @@ bool Switch::_trySend(const Packet &packet,bool encrypt,uint64_t nwid) for(std::vector< std::pair >::const_iterator r(nconf->relays().begin());r!=nconf->relays().end();++r) { if (r->first != peer->address()) { SharedPtr rp(RR->topology->getPeer(r->first)); - const unsigned int q = rp->relayQuality(now); - if ((rp)&&(q < bestq)) { // SUBTILE: < == don't use these if they are nil quality (unsigned int max), instead use a root - bestq = q; - rp.swap(relay); + if (rp) { + const unsigned int q = rp->relayQuality(now); + if (q < bestq) { // SUBTILE: < == don't use these if they are nil quality (unsigned int max), instead use a root + bestq = q; + rp.swap(relay); + } } } } From a4cfe4cd1650ea7e9aada0b004fd7aade2e43ced Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 1 Dec 2015 10:19:10 -0800 Subject: [PATCH 7/7] Fix Linux init script to properly specify runlevels. --- ext/installfiles/linux/init.d/zerotier-one | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/ext/installfiles/linux/init.d/zerotier-one b/ext/installfiles/linux/init.d/zerotier-one index c8e7615e1..b0a8aa418 100755 --- a/ext/installfiles/linux/init.d/zerotier-one +++ b/ext/installfiles/linux/init.d/zerotier-one 
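Review bot: The re-added line `if (q < bestq) { // SUBTILE: < == don't use these ...` carries the old typo into the new code; `// SUBTLE: ...` on that line would fix it while the line is being touched. A null `rp` now means a relay address listed in the network config has no peer object in topology, and the loop silently skips it, which is the right outcome; a one-line comment on the `if (rp) {` line such as `// relay not (yet) known to topology; fall through to a root instead` would record that the null case is expected rather than an error worth reporting. _trySend() begins before the hunk.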
@@ -7,21 +7,20 @@ # networks. See https://www.zerotier.com/ for more information. ### BEGIN INIT INFO -# Provides: zerotier-one -# Required-Start: $local_fs $network -# Required-Stop: $local_fs -# Default-Start: 2345 -# Default-Stop: 90 -# Short-Description: start ZeroTier One -# Description: ZeroTier One provides public and private distributed ethernet \ -# networks. See https://www.zerotier.com/ for more information. +# Provides: zerotier-one +# Required-Start: $local_fs $network +# Required-Stop: $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start ZeroTier One +# Description: ZeroTier One provides public and private distributed ethernet \ +# networks. See https://www.zerotier.com/ for more information. ### END INIT INFO # # This script is written to avoid distro-specific dependencies, so it does not # use the rc bash script libraries found on some systems. It should work on -# just about anything, even systems using Upstart. Upstart native support may -# come in the future. +# just about anything. # zthome=/var/lib/zerotier-one
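Review bot: `Default-Start`/`Default-Stop` now carry the space-separated runlevel lists that insserv and chkconfig expect, but the `# Description:` continuation still ends its first line with a backslash; in an LSB init header a continuation line is recognized by the leading `#` followed by whitespace, so the `\` is unnecessary and may be carried into the description text by some consumers. `# Description: ZeroTier One provides public and private distributed ethernet` followed by `#              networks. See https://www.zerotier.com/ for more information.` is the form the spec shows. `Required-Stop` omitting `$network` lets the service be stopped after networking is already down, which is fine as long as stop only needs to signal the local daemon.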