diff options
-rw-r--r-- | doc/manual/release-notes.xml | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/doc/manual/release-notes.xml b/doc/manual/release-notes.xml index 6f81e7223ebc..9cbd1fbb869d 100644 --- a/doc/manual/release-notes.xml +++ b/doc/manual/release-notes.xml @@ -8,13 +8,36 @@ <!--==================================================================--> -<section xml:id="ssec-relnotes-1.4"><title>Release 1.4 (TBA)</title> +<section xml:id="ssec-relnotes-1.4"><title>Release 1.4 (February 26, 2013)</title> + +<para>This release fixes a security bug in multi-user operation. It +was possible for derivations to cause the mode of files outside of the +Nix store to be changed to 444 (read-only but world-readable) by +creating hard links to those files (<link +xlink:href="https://github.com/NixOS/nix/commit/5526a282b5b44e9296e61e07d7d2626a79141ac4">details</link>).</para> + +<para>There are also the following improvements:</para> <itemizedlist> <listitem><para>New built-in function: <function>builtins.hashString</function>.</para></listitem> + <listitem><para>Build logs are now stored in + <filename>/nix/var/log/nix/drvs/<replaceable>XX</replaceable>/</filename>, + where <replaceable>XX</replaceable> is the first two characters of + the derivation. This is useful on machines that keep a lot of build + logs (such as Hydra servers).</para></listitem> + + <listitem><para>The function <function>corepkgs/fetchurl</function> + can now make the downloaded file executable. This will allow + getting rid of all bootstrap binaries in the Nixpkgs source + tree.</para></listitem> + + <listitem><para>Language change: The expression <literal>"${./path} + ..."</literal> now evaluates to a string instead of a + path.</para></listitem> + </itemizedlist> </section> |