6 files changed, 90 insertions, 6 deletions
diff --git a/doc/manual/meson.build b/doc/manual/meson.build
index f53d41b5d..38aad55b5 100644
--- a/doc/manual/meson.build
+++ b/doc/manual/meson.build
@@ -126,20 +126,18 @@ manual = custom_target(
     'manual',
     'markdown',
   ],
+  install_dir : [
+    datadir / 'doc/nix',
+    false,
+  ],
   depfile : 'manual.d',
   env : {
     'RUST_LOG': 'info',
     'MDBOOK_SUBSTITUTE_SEARCH': meson.current_build_dir() / 'src',
   },
 )
-manual_html = manual[0]
 manual_md = manual[1]
 
-install_subdir(
-  manual_html.full_path(),
-  install_dir : datadir / 'doc/nix',
-)
-
 nix_nested_manpages = [
   [ 'nix-env',
     [
diff --git a/doc/manual/rl-next/alt-left-and-alt-right-in-repl.md b/doc/manual/rl-next/alt-left-and-alt-right-in-repl.md
new file mode 100644
index 000000000..66e89a15e
--- /dev/null
+++ b/doc/manual/rl-next/alt-left-and-alt-right-in-repl.md
@@ -0,0 +1,10 @@
+---
+synopsis: "`Alt+Left` and `Alt+Right` go back/forwards by words in `nix repl`"
+issues: [fj#501]
+cls: [1883]
+category: Fixes
+credits: 9999years
+---
+
+`nix repl` now recognizes `Alt+Left` and `Alt+Right` for navigating by words
+when entering input in `nix repl` on more terminals/platforms.
diff --git a/doc/manual/rl-next/fetchGit-regression.md b/doc/manual/rl-next/fetchGit-regression.md
new file mode 100644
index 000000000..f6b4fb9e5
--- /dev/null
+++ b/doc/manual/rl-next/fetchGit-regression.md
@@ -0,0 +1,23 @@
+---
+synopsis: restore backwards-compatibility of `builtins.fetchGit` with Nix 2.3
+issues: [5291, 5128]
+credits: [ma27]
+category: Fixes
+---
+
+Compatibility with `builtins.fetchGit` from Nix 2.3 has been restored as follows:
+
+* Until now, each `ref` was prefixed with `refs/heads` unless it starts with `refs/` itself.
+
+  Now, this is not done if the `ref` looks like a commit hash.
+
+* Specifying `builtins.fetchGit { ref = "a-tag"; /* … */ }` was broken because `refs/heads` was appended.
+
+  Now, the fetcher doesn't turn a ref into `refs/heads/ref`, but into `refs/*/ref`. That way,
+  the value in `ref` can be either a tag or a branch.
+
+* The ref resolution happens the same way as in git:
+
+  * If `refs/ref` exists, it's used.
+  * If a tag `refs/tags/ref` exists, it's used.
+  * If a branch `refs/heads/ref` exists, it's used.
diff --git a/doc/manual/rl-next/readline-support-removed.md b/doc/manual/rl-next/readline-support-removed.md
new file mode 100644
index 000000000..6e4faeb67
--- /dev/null
+++ b/doc/manual/rl-next/readline-support-removed.md
@@ -0,0 +1,17 @@
+---
+synopsis: readline support removed
+cls: [1885]
+category: Packaging
+credits: [9999years]
+---
+
+Support for building Lix with [`readline`][readline] instead of
+[`editline`][editline] has been removed. `readline` support hasn't worked for a
+long time (attempting to use it would lead to build errors) and would make Lix
+subject to the GPL if it did work. In the future, we're hoping to replace
+`editline` with [`rustyline`][rustyline] for improved ergonomics in the `nix
+repl`.
+
+[readline]: https://en.wikipedia.org/wiki/GNU_Readline
+[editline]: https://github.com/troglobit/editline
+[rustyline]: https://github.com/kkawakam/rustyline
diff --git a/doc/manual/rl-next/stack-traces.md b/doc/manual/rl-next/stack-traces.md
new file mode 100644
index 000000000..e16d6c886
--- /dev/null
+++ b/doc/manual/rl-next/stack-traces.md
@@ -0,0 +1,26 @@
+---
+synopsis: "Some Lix crashes now produce reporting instructions and a stack trace, then abort"
+cls: [1854]
+category: Improvements
+credits: jade
+---
+
+Lix, being a C++ program, can crash in a few kinds of ways.
+It can obviously do a memory access violation, which will generate a core dump and thus be relatively debuggable.
+But, worse, it could throw an unhandled exception, and, in the past, we would just show the message but not where it comes from, in spite of this always being a bug, since we expect all such errors to be translated to a Lix specific error.
+Now the latter kind of bug should print reporting instructions, a rudimentary stack trace and (depending on system configuration) generate a core dump.
+
+Sample output:
+
+```
+Lix crashed. This is a bug. We would appreciate if you report it along with what caused it at https://git.lix.systems/lix-project/lix/issues with the following information included:
+
+Exception: std::runtime_error: test exception
+Stack trace:
+ 0# nix::printStackTrace() in /home/jade/lix/lix3/build/src/nix/../libutil/liblixutil.so
+ 1# 0x000073C9862331F2 in /home/jade/lix/lix3/build/src/nix/../libmain/liblixmain.so
+ 2# 0x000073C985F2E21A in /nix/store/p44qan69linp3ii0xrviypsw2j4qdcp2-gcc-13.2.0-lib/lib/libstdc++.so.6
+ 3# 0x000073C985F2E285 in /nix/store/p44qan69linp3ii0xrviypsw2j4qdcp2-gcc-13.2.0-lib/lib/libstdc++.so.6
+ 4# nix::handleExceptions(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>) in /home/jade/lix/lix3/build/src/nix/../libmain/liblixmain.so
+ ...
+```
diff --git a/doc/manual/rl-next/verify-tls.md b/doc/manual/rl-next/verify-tls.md
new file mode 100644
index 000000000..608f3347e
--- /dev/null
+++ b/doc/manual/rl-next/verify-tls.md
@@ -0,0 +1,10 @@
+---
+synopsis: "`<nix/fetchurl.nix>` now uses TLS verification"
+category: Fixes
+prs: [11585]
+credits: edolstra
+---
+
+Previously `<nix/fetchurl.nix>` did not do TLS verification. This was because the Nix sandbox in the past did not have access to TLS certificates, and Nix checks the hash of the fetched file anyway. However, this can expose authentication data from `netrc` and URLs to man-in-the-middle attackers. In addition, Nix now in some cases (such as when using impure derivations) does *not* check the hash. Therefore we have now enabled TLS verification. This means that downloads by `<nix/fetchurl.nix>` will now fail if you're fetching from a HTTPS server that does not have a valid certificate.
+
+`<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.