How to Automate Managing Gateway Servers in K8s Environment (using OpenResty Edge)
ChangeLog for 1.21.4.x
Johnny Wang , 21 Jul 2024 (created 13 May 2022)Version 1.21.4.4 - 19 Jul 2024
- upgraded LuaJIT to v2.1-20230410.1.
- bugfix: disable hash computation optimization because of the possibility of severe degradation (CVE-2024-39702). This issue originates from the OpenResty LuaJIT branch. Thanks Zhongwei Yao from Kong INC. for reporting the issue, and thanks lijunlong for the patch.
Version 1.21.4.3 - 7 Nov 2023
- bugfix: applied the patch for security advisory to NGINX cores. (CVE-2023-44487).
Version 1.21.4.2 - 19 Jul 2023
win32/win64: upgraded zlib to 1.2.13.
win32/win64: upgraded OpenSSL to 1.1.1t.
upgraded lua-nginx-module to v0.10.25
- bugfix: used after free when encountering invalid http IF-Match header. Thanks lijunlong for the patch.
- bugfix: ssl_client_hello_by_lua generating chunk cache key and chunk name. Thanks willmafh for the patch.
- bugfix: cosocket did not exit when
worker_shutdown_timeout
handler is called. Thanks lijunlong for the patch. - feature: implement HTTP 3.0 support for
ngx.req.http_version()
. Thanks Yu.Zhu for the patch. - bugfix: fix receiveuntil rest bytes count. Thanks ZongRun for the patch.
- bugfix: add a timed recycling child process as a last resort. Thanks lijunlong for the patch.
- feature: add new FFI API
ngx_http_lua_ffi_msec
. Thanks lijunlong for the patch. - bugfix: did not wakeup coroutine when worker thread finished. Thanks kingluo for the patch.
- feature: add
ngx_http_lua_ffi_worker_pids
to get all workers pid map. Thanks attenuation for the patch. - bugfix:
run_worker_thread
arg is self-reference. Thanks fesily for the patch. - feature: introduced new API
tcpsock:bind()
. Thanks lijunlong for the patch. - feature: add
shdict
APIs into worker thread. Thanks jinhua luo for the patch. - bugfix: set flags for Darwin arm64. Thanks lijunlong for the patch.
- bugfix: improved handling of multiple headers changed in nginx 1.23.0. Thanks Hiroaki Nakamura for the patch.
- change: increased the maximum size to 65536 for the udp datagram. Thanks lijunlong for the patch.
- optimize: destroy pipe proc when freeing the request. Thanks lijunlong for the patch.
- optimize: add error log when closing the pipe failed. Thanks lijunlong for the patch.
- bugfix: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
- optimize: fixed dead code found by Coverity. Thanks Ilya Shipitsin for the patch.
- feature: in
content_by_lua_file
, return 503 for file read error. Thanks jizhuozhi for the patch. - bugfix: Apple Silicon FFI ABI limitation workaround. Thanks Chrono for the patch.
- bugfix: failed to compile when nginx https is disabled. Thanks lijunlong for the patch.
- feature: add
server_rewrite_by_lua*
. Thanks xiaobiaozhao for the patch. - cosocket: add function
tcpsock:setclientcert
, reimplementedtcpsock:sslhandshake
with FFI. Thanks Datong Sun for the patch. - optimize: use
ngx_hash_t
to optimize the built-in header look-up process forngx.header.HEADER
. Thanks lijunlong for the patch. - feature: add FFI implementation for
ngx.arg
getter. Thanks 罗泽轩 for the patch. - bugfix: fixed size of the array when initialized in the
init_worker_by*
phase. Thanks Jiahao Wang for the patch. - bugfix: ambiguous error message 'connection in dubious state' when connection is closed. Thanks lijunlong for the patch.
- bugfix: passing the wrong chunkname argument to
luaL_loadbuffer
. Thanks lijunlong for the patch. - optimize: change lua chunkname to config filename and line number for
{init,header_filter,body_filter}_by_lua_block
and so on. Thanks lijunlong for the patch. - change: the error message should use the first line rather than the last line of the code block when loading lua code block fails. Thanks lijunlong for the patch.
- bugfix: segment fault when get header via
ngx.req.raw_header
with malformed requests. Thanks Gordon McKinney for the patch. - change: remove useless code for get old_cpath. Thanks Tinglong Yang for the patch.
- bugfix:
ngx.run_worker_thread
injected API into the wrong table. Thanks jinhua luo for the patch. - feature: add API to fetch raw nginx SSL pointer of the downstream request. Thanks James Callahan for the patch.
- feature: SSL/TLS: support for passphrase protected key. Thanks lijunlong for the patch.
- feature: expose the 'Last-Modified' response header as
ngx.header["Last-Modified"]
. Thanks lijunlong for the patch. - bugfix: posted event handler was called after event memory was freed. Thanks lijunlong for the patch.
- optimize: don't calculate hash when clearing the request header. Thanks spacewander for the patch.
- feature: check the number of parameters for
ngx.thread.wait
. Thanks tan jinhua for the patch. - change: use
nil
instead offalse
whenlpush
&rpush
overflow. Thanks yang.yang for the patch. - feature: prevent calling
ngx.exit()
with invalid values. Thanks Thibault Charbonnier for the patch. - feature: added FFI-based function
ngx_http_lua_ffi_req_is_internal
. Thanks chronolaw for the patch. - feature: added http const
HTTP_NOT_IMPLEMENTED
. Thanks Landon Manning for the patch.
upgraded stream-lua-nginx-module to v0.0.12
- feature: introduced new API
ngx_stream_lua_ffi_monotonic_msec
. Thanks lijunlong for the patch. - feature: add
CONTEXT_YIELDABLE
constant to stream subsys. Thanks 罗泽轩 for the patch. - bugfix: wrong size for the pending timers. Thanks lijunlong for the patch.
- feature: add
ngx_stream_lua_ffi_worker_pids
to get all workers pid map. Thanks attenuation for the patch. - bugfix: Apple Silicon FFI ABI limitation workaround. Thanks Chrono for the patch.
- feature: SSL/TLS supports passphrase protected private key. Thanks lijunlong for the patch.
- bugfix: posted event handler was called after event memory was freed. Thanks lijunlong for the patch.
- feature: introduced new API
upgraded lua-resty-core to v0.1.27
- optimize: avoid NYI in the
get_string_buf
function. Thanks Jiahao Wang for the patch. - feature: implemented
monotonic_msec()
andmonotonic_time()
inresty.core.time
. Thanks lijunlong for the patch. - bugfix: get
ngx_lua_version
before 'not ngx.config'. Thanks willmafh for the patch. - feature: add
ngx.worker.pids
to get all workers pid map. Thanks attenuation for the patch. - optimize: destroy pipe when freeing request. Thanks lijunlong for the patch.
- optimize: localize
pcall
function inbase.lua
to improve performance. Thanks Chrono for the patch. - feature: implemented
get_supported_versions()
inclienthello
phase. Thanks Attenuation for the patch. - bugfix: Apple Silicon FFI ABI limitation workaround. Thanks Chrono for the patch.
- bugfix: did not get the correct error message for when require module. Thanks lijunlong for the patch.
- feature: added support for
ssl_server_rewrite_by_lua
. Thanks lijunlong for the patch. - cosocket: add function
tcpsock:setclientcert
, reimplementedtcpsock:sslhandshake
with FFI. Thanks Datong Sun for the patch. - feature: provide a way to reuse table in
ngx.req.get_uri_args
. Thanks 罗泽轩 for the patch. - feature: add FFI implementation for
ngx.arg
getter. Thanks 罗泽轩 for the patch. - optimize: localize
bit.bor
inclienthello.lua
to improve performance. Thanks Chrono for the patch. - optimize: reimplemented the coroutine wrapper using the FFI API. Thanks lijunlong for the patch.
- feature: support passphrase protected private key. Thanks lijunlong for the patch.
- feature: reimplemented
ngx.req.is_internal
with LuaJIT FFI. Thanks chronolaw for the patch. - optimize: removed the extra return. Thanks lijunlong for the patch.
- optimize: avoid NYI in the
upgraded luajit2 to v2.1-20230119
- Avoid negation of signed integers in C that may hold INT*_MIN.
- Correct fix for stack check when recording BC_VARG.
- Disable FMA by default. Use -Ofma or jit.opt.start("+fma") to enable.
- FFI: Fix dangling reference to CType. Improve checks.
- ARM64: Fix code generation for IR_SLOAD with typecheck + conversion.
- Avoid assertion in case of stack overflow from stitched trace.
- Ensure correct stack top for OOM error message.
- ARM64: Fix IR_SLOAD assembly.
- Fix trace join to BC_JLOOP originating from BC_ITERN.
- bugfix: fix
math.floor()
andmath.ceil()
. Thanks Aditya Bisht for the patch. - Add -F option to override filename in jit.bcsave (luajit -b).
- Patch luajit.pc with INSTALL_INC, if customized.
- LJ_GC64: Fix
lua_concat()
. - Prevent use of RTLD_DEFAULT when NO_RTLD_DEFAULT is defined.
- Improve GC estimation for userdata with attached managed memory.
- Add missing GC steps to string buffer methods.
- x86/x64: Limit VLOAD fusion to simple cases.
- OSX/iOS/ARM64: Fix generation of Mach-O object files.
- Prevent trace start at BC_ITERL after compiled BC_ITERN.
- ARM64: Allow building with unwinding disabled.
- FFI: Fix sizeof expression in C parser for reference types.
- FFI: Fix ffi.alignof() for reference types.
- FFI: Allow ffi.metatype() for typedefs with attributes.
- OSX/iOS/ARM64: Fix bytecode embedding in Mach-O object file.
- LJ_GC64: Fix IR_VARG offset for fixed number of results.
- x86/x64: Fix math.ceil(-0.9) result sign.
- Make embedded bytecode readable and forward-compatible.
- Update console build instructions.
- Avoid zero-sized arrays in jit_State.
- Don't use jit_State during build with JIT disabled.
- DynASM/ARM64: Fix LSL/BFI* encoding with variable registers.
- Fix ITERN loop detection when hook checks are enabled.
- Prevent C compiler undefined-behavior optimization.
- Fix alias analysis for table length forwarding.
- Fix loop initialization in table.foreach().
- LJ_GC64: Fix HREFK optimization.
- Fix recording of __concat metamethod.
- Cleanup of system and architecture support docs.
upgraded resty-cli to v0.29
- change: save the original
ngx.exit
tongx.orig_exit
. Thanks lijunlong for the patch.
- change: save the original
upgraded lua-cjson to 2.1.0.11
- bugfix: empty_array can not work on Apple because cjson did not compare light userdata address with masked address. Thanks Datong Sun for the patch.
- bugfix: windows luarocks doesn't export
cjson.safe
. Thanks momoterraw for the patch.
upgraded headers-more-nginx-module to v0.34
- bugfix: nginx crash when accessing uninitialized pointer. Thanks lijunlong for the patch.
- bugfix: update handling of multiple headers changed in nginx 1.23.0. Thanks Hiroaki Nakamura for the patch.
- bugfix: fixed build error with nginx >= 1.23.0. Thanks somni for the patch.
upgraded lua-resty-upstream-healthcheck to v0.07
- change: improved healthcheck status for prometheus. Thanks Jonas Badstübner for the patch.
- bugfix:
opts.host
has not been assigned to ctx. Thanks yueziii for the patch. - feature: allowing check on different port. Thanks Franck Lombardi for the patch.
- feature: add HTTPS health check. Thanks Yannic Rieger for the patch.
- feature: add prometheus metrics format status. Thanks Yannic Bastian Rieger for the patch.
upgraded opm to v0.0.7
- change: web: show the package installation command in the package details page. Thanks guisheng zhou for the patch.
- bugfix: 'install_dir' should not be
/usr/local/openresty/site
but/usr/local/openresty/bin
. Thanks lijunlong for the patch. - feature: web: support github login and deferred deletion. Thanks xlibor for the patch.
upgraded ngx_devel_kit to v0.3.2
- change: fixed a typo in
ndk_upstream_list.c
. Thanks lijunlong for the patch.
- change: fixed a typo in
upgraded lua-resty-lock to v0.09
- optimize: return setmetatable is NYI. Thanks lijunlong for the patch.
upgraded srcache-nginx-module to v0.33
- bugfix: update handling of cache_control changed in nginx 1.23.0. Thanks Hiroaki Nakamura for the patch.
- change: add status code 307, 308 to the default value of
srcache_store_statuses
. Thanks Jérémy Lal for the patch.
upgraded lua-resty-websocket to v0.10
- feature: add mtls client cert support. Thanks Qi for the patch.
- optimize: localize some
ngx.*
API to improve performance. Thanks Chrono for the patch. - bugfix: default to port 443 for wss urls. Thanks John Regan for the patch.
upgraded lua-resty-lrucache to v0.13
- optimize: remove NYI call in lurcache. Thanks lijunlong for the patch.
upgraded lua-resty-upload to v0.11
- feature: add an option to preserve body. Thanks Suika for the patch.
upgraded lua-resty-memcached to v0.17
- optimize: return
setmetatable
is NYI which can not be jit compiled. Thanks lijunlong for the patch. - optimize: reuse the
cmd_tab
to minimize the gc. Thanks lijunlong for the patch. - feature: implemented
{init,commit,cancel}_pipeline()
. Thanks syz for the patch. - feature: add support for connecting over TLS. Thanks Alessandro Ghedini for the patch.
- optimize: return
upgraded echo-nginx-module to v0.63
- optimize: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
- bugfix: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
- bugfix: fix minor issue found by Coverity in
src/ngx_http_echo_subrequest.c
. Thanks Ilya Shipitsin for the patch.
upgraded drizzle-nginx-module to v0.1.12
- bugfix: fix potential null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
Version 1.21.4.1 - 18 May 2022
upgraded the nginx core to 1.21.4.
- see the changes here: http://nginx.org/en/CHANGES
win32/win64: upgraded zlib to 1.2.12.
win32/win64: upgraded OpenSSL to 1.1.1n.
feature: allow to be compiled with LibreSSL 3.0+. Thanks spacewander for the patch.
feature: add lua_ssl_conf_command directive for setting arbitrary OpenSSL configuration parameter particularly the TLSv1.3 ciphersuites. Thanks Zhefeng Chen for the patch.
feature: implemented the ssl_client_hello_by_lua* api for controlling the NGINX downstream SSL handshake dynamically with Lua. Thanks Zhefeng Chen for the patch.
feature: the number connections of privileged agent can be set by enable_privileged_agent(connections). Thanks wangyao for the patch.
feature: implemented the new ngx.run_worker_thread API to run Lua function in a seperated worker thread. Thanks kingluo for the patch.
upgraded lua-nginx-module to 0.10.21
- bugfix: ngx.pipe waits until timeout because child process forgot to close pipe after dup2. Thanks Junlong Li for the patch.
- bugfix: posted event handler was called after event memory was freed. Thanks Junlong Li for the patch.
- bugfix: prevent illegal memory access in ngx_http_lua_util.c. Thanks Jiahao Wang for the patch.
- optimize: removed superfluous code from shdict_store. Thanks Odin Hultgren Van Der Horst for the patch.
- bugfix: fix nginx crash caused by a bad format specifier. Thanks balus for the patch.
- bugfix: fixed memcpy param overlap detected by asan. Thanks pengyanfeng for the patch.
- bugfix: fix possible null pointer dereference found by Coverity. Thanks doujiang24 for the patch.
- bugfix: we should use luaL_typename() with lua stack index. Thanks balus for the patch.
- bugfix: fixed potential leak on memory allocation errors. we have to clean just created SSL context manually, thus appropriate call added. Thanks nandsky for the patch.
- bugfix: nginx crash when resolve an not exist domain in thread create by ngx.thread.spawn. Thanks lijunlong for the patch.
- bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
- change: do not need to create the Lua request ctx data table from C. Thanks doujiang for the patch.
- bugfix: we should ignore match limit in DFA mode. Thanks Jianyong Chen for the patch.
- bugfix: buffer bloat and CPU 100% when download large file was filtered by body_filter_by_lua. Thanks lijunlong for the patch.
- bugfix: fixed missing 'const' qualifier causing compilation failure on freebsd. Thanks Jiahao Wang for the patch.
- bugfix: should not allow to create timer in the exit process phase. Thanks Jinhua Tan for the patch.
- feature: support environ in ngx.pipe on mac. Thanks tzssangglass for the patch.
upgraded stream-lua-nginx-module to 0.0.11
- bugfix: compilation failed when building without --with-stream_ssl_module. Thanks vislee for the patch.
- bugfix: we should use luaL_typename() with lua stack index. Thanks Jianyong Chen for the patch.
- bugfix: fixed possible null pointer dereference found by Coverity. Thanks Ilya Shipitsin for the patch.
- bugfix: nginx crash when resolve an not exist domain. Thanks lijunlong for the patch.
- bugfix: should reset the value_len to 0 when reuse the expired list type key in shared dict. Thanks ngtee8 for the patch.
- bugfix: we should ignore match limit in DFA mode. Thanks balus for the patch.
- bugfix: some lua configurations (i.e.
lua_ssl_trusted_certificate
) were missing in the init_worker phase. Thanks doujiang for the patch. - bugfix: failed to start when non-ssl server configured with ssl_certificate_by_lua* directive. Thanks Zhefeng Chen for the patch.
- bugfix: old coroutine APIs were used in the
preread
andssl_cert
phase. Thanks Zhefeng Chen for the patch.
upgraded lua-resty-core to 0.1.23
upgraded lua-resty-websocket to 0.09
- bugfix: should abort when status code is invalid in wb:send_close(server). Thanks Gerrard-YNWA for the patch.
upgraded lua-resty-redis to 0.30
- feature: add a surface to support redis module. Thanks spacewander for the patch.
upgraded lua-resty-limit-traffic to 0.08
- optimize: resty.limit.conn call dict:incr with
init_ttl
argument. Thanks WindMGC for the patch.
- optimize: resty.limit.conn call dict:incr with
upgraded lua-resty-mysql to 0.25
- bugfix: fallback to default auth plugin if server doesn't have
CLIENT_PLUGIN_AUTH
capability. Thanks Wangchong Zhou for the patch.
- bugfix: fallback to default auth plugin if server doesn't have
upgraded set-misc-nginx-module to 0.33
- feature: added url safe base64 encoding/decoding. Thanks Pavel for the patch.
- bugfix: fix a possible resource leak of fd when exception occur. Thanks Hai Shi for the patch.
- feature: added new directive
set_hmac_sha256
. Thanks erankor for the patch.
upgraded encrypted-session-nginx-module to 0.09
- optimize: make it compatible with boringssl. Thanks lijunlong for the patch.
upgraded lua-resty-string to 0.15
- feature: added an optional len parameter for resty.md5.update(). Thanks lijunlong for the patch.
- feature: add
enable_padding
option for aes. Thanks beimingfish for the patch. - optimize: speed up
string.to_hex
by reusing hex buf. Thanks jinjiezhao for the patch.
upgraded lua-cjson to 2.1.0.10
- bugfix: fixed bugs suspected by cppcheck: shift signed 32-bit value by 31 bits and uninitialized variable. Thanks Jiahao Wang for the patch.
- bugfix: fixed a possible division by zero bugs found by cppcheck. Thanks Jiahao Wang for the patch.
- feature: support lua 5.2+.
upgraded luajit2 to 2.1-20220411
- Add missing check for LJ_KEYINDEX in ITERN recording.
- DynASM/ARM64: Fix NOP instruction for aligment.
- Fix soft-float IR_POW splitting.
- Fix BC_UCLO insertion for returns.
- Fix string buffer COW handling.
- Fix command-line argv handling.
- Always exit after machine code page protection change fails.
- Fix FOLD rule for BUFHDR append with intervening buffer use.
- Fix compiled error handling for buffer methods.
- FFI: Ensure library is loaded before de-serializing FFI types.
- Fix HREFK forwarding vs. table.clear().
- Fix FOLD rule for BUFHDR append.
- Fix tonumber("-0") in dual-number mode.
- Limit work done in SINK pass.
- Fix ABC FOLD rule with constants.
- Windows: Fix binary output of jit.bcsave to stdout.
- Fix FOLD rule for x-0.
- ARM64: Fix pcall() error case.
- refactor: removed duplicated table entries. Thanks lijunlong for the patch.
- OSX/ARM64: Fix external unwinding.
- Fix interaction of profiler and ITERN recording.
- Fix compilation of multi-result call to next().
- ARM64: Fix IR_HREF code generation.
- MIPS64: Fix soft-float IR_TOSTR.
- MIPS: Fix register allocation in assembly of HREF.
- Windows/x64: Document MSVC flags for C++ exception interoperability.
- FFI: Ensure returned string is alive in ffi.typeinfo().
- bugfix: fixed merge error which was introduced by commit 63dee93f4e. Thanks lijunlong for the patch.
- OSX/ARM64: Disable unwind info.
- Fix stack allocation after on-trace stack check.
- Fix ITERN blacklisting.
- Ensure ITERN forward progress on interpreter bailout.
- ARM64: Reorder interpreter stack frame and fix unwinding.
- Don't bail out to interpreter to JLOOP originating from ITERN.
- FFI: Don't load PC from non-function object in FFI continuation.
- FFI: Fix missing cts->L initialization in argv2ctype().
- OSX/ARM64: Disable external unwinding for now.
- Compile table traversals: next(), pairs(), BC_ISNEXT/BC_ITERN. This work sponsored by OpenResty INC.
- Use IR_HIOP for generalized two-register returns.
- Refactor table traversal.
- ARM: Fix symbol display in trace disassembly.
- Refactor IR_TMPREF generation.
- Refactor IR_VLOAD to take an offset.
- MIPS: Fix trace linking.
- feature: implemented string.buffer library.
- Consider slots used by upvalues in use-def analysis.
- Prevent loop in snap_usedef().
- Fix io.close().
- Fix minilua vararg stack handling.
- Avoid out-of-range number of results when compiling select(k, ...).
- Fix error message in lj_lib_checkintrange().
- Fix IRXLOAD_* mode bits description.
- Add IRCONV_NONE for pass-through INT to I64/U64 type change.
- Fix jit.dump() output for IR_CONV.
- Change: Resolve luaL_newstate() return NULL in ppc64le issue. Thanks ManirajDeivendran for the patch.
- Disable unreliable assertion for external frame unwinding.
- Flush and close output file after profiling run.
- Avoid conflict between 64 bit lightuserdata and ITERN key.
- Change: Resolve compilation error in ppc Thanks Maniraj Deivendran for the patch.
- bugfix: disabled the assertion since it might be a false alarm on fedora aarch64.
- feature: added the trace entry and normal exit events in the GC64 interpreter. Thanks doujiang24 for the patch.
- Throw any errors before stack changes in trace stitching.
- DynASM/x86: Add missing escape in pattern.
- DynASM/ARM64: Fix LSL/BFI* encoding with variable shifts.
- Fix MinGW static build.
- Fix dependencies.
- Fix IR_BUFHDR assembly.
- FFI: Support FFI numbers in string.format() and buf:putf().
- ARM64: More improvements to the generation of immediates.
- Abstract out on-demand loading of FFI library.
- FFI: Fix dangling reference to CType.
- PPC/PS3: Fix BC_ADD*/BC_SUB*.
- Fix use-def analysis for vararg functions.
- Fix use-def analysis for BC_VARG.
- DynASM/ARM64: Fix ADRP encoding with absolute address.
- Fix compiler warnings.
- DynASM/ARM64: Add .long expr. Add .quad/.addr expr + refs.
- DynASM/x86: Fix x64 .aword refs. Add .qword, .quad, .addr and .long.
- FFI/ARM64/OSX: Fix vararg call handling.
- Prevent compile of __concat with tailcall to fast function.
- Fix IR_RENAME snapshot number. Follow-up fix for a32aeadc.
- DynASM: Fix global label references
- DynASM/ARM64: Add VREG support.
- Fix build with busybox grep.
- NetBSD: Use PROT_MPROTECT() and disable getentropy().
- Allow disabling the serializer.
- BSD: Fix build with BSD grep.
- Fix .bat file builds.
- OSX: Fix build by hardcoding external frame unwinding.
- Reorganize lightuserdata interning code.
- Upgrade docs to HTML5. It's about time.
- FFI: Handle zero-fill of struct-of-NYI.
- ARM64: Improve generation of immediates.
- Detect inconsistent renames even in the presence of sunk values.
- Handle on-trace OOM errors from helper functions.
- Use weak guards for on-trace allocations.
- PPC: Fix GG_State loads.
- MIPS: Fix handling of long-range spare jumps.
- Cleanup and enable external unwinding for more platforms.
- Remove specific version numbers from the docs.
- iOS: Don't use getentropy() since it's disallowed in the App Store.
- Linux/ARM64: Make mremap() non-moving due to VA space woes.