doc/rl-2605: Move entries from nixos to nixpkgs doc

doc/release-notes/rl-2605.section.md

@@ -6,6 +6,44 @@
 - GCC has been updated from GCC 14 to GCC 15.
   This introduces some backwards incompatible changes; Refer to the [upstream porting guide](https://gcc.gnu.org/gcc-15/porting_to.html) for details.
 
+- `glibc` has been updated to version 2.42.
+
+  This version no longer makes the stack executable when a shared library requires this. A symptom
+  is an error like
+
+  > cannot enable executable stack as shared object requires: Invalid argument
+
+  This is usually a bug. Please consider reporting it to the software maintainers.
+
+  In a lot of cases, the library requires the execstack by mistake only. The following workarounds exist:
+
+  * When building the shared library in question from source, use the following linker flags to force turning off the
+    executable flag:
+
+    ```nix
+    mkDerivation {
+      # …
+
+      env.NIX_LDFLAGS = "-z,noexecstack";
+    }
+    ```
+
+  * If the sources are not available, the execstack-flag can be cleared with `patchelf`:
+
+    ```
+    patchelf --clear-execstack binary-only.so
+    ```
+
+  * If the shared library to be loaded actually requires an executable stack and it isn't turned
+    on by the application loading it, you may force allowing that behavior by setting the
+    following environment variable:
+
+    ```
+    GLIBC_TUNABLES=glibc.rtld.execstack=2
+    ```
+
+    **Do not set this globally!** This makes your setup inherently less secure.
+
 - Node.js default version has been updated from 22 LTS to 24 LTS.
   This introduces some breaking changes; Refer to the [upstream migration article](https://nodejs.org/en/blog/migrations/v22-to-v24) for details.
 
@@ -74,6 +112,8 @@
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
+- `mdbook-linkcheck` has been removed as it is unmaintained and incompatible with the latest version of `mdbook`. Users can instead migrate to `mdbook-linkcheck2`.
+
 - The `nodePackages` package set has been removed entirely from nixpkgs. This package set was created to ease the maintenance burden of maintaining lots of
   NodeJS-based packages within nixpkgs, but became a burden itself. Over the past several releases, there has been a focus on removing it in favor of the more modern nixpkgs packaging strategies.
   After a long time, this package set has been deprecated and removed. If you are using its package set in your own config, please use the top-level packages instead.(i.e `pkgs.package-name` instead of `pkgs.nodePackages.package-name`).
@@ -111,6 +151,23 @@
 
 - `nodePackages.wavedrom-cli` has been removed, as it was unmaintained within nixpkgs.
 
+- MATE packages have been moved to top level (e.g. if you previously added `pkgs.mate.caja` to `environment.systemPackages`, you will need to change it to `pkgs.caja`).
+
+- `kratos` has been updated from 1.3.1 to [25.4.0](https://github.com/ory/kratos/releases/tag/v25.4.0). Upstream switched to a new versioning scheme (year.major.minor). Notable breaking changes:
+
+  - The `migrate sql` CLI command is now `migrate sql up`
+  - OIDC registration validation errors are now placed in the `default` node group instead of `oidc`
+  - Failed OIDC account linking returns HTTP 400 instead of 200
+
+- `pdns` has been updated to version [v5.0.x](https://doc.powerdns.com/authoritative/changelog/5.0.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-5-0-0) for details.
+
+- `geph` package's built-in GUI `geph5-client-gui` has been [removed](https://github.com/geph-official/geph5/commit/f2221fb8386312daf2cef05483ebb353ff48bdb4) by the upstream. All users who wish to continue using the GUI should install the `gephgui-wry`, which is consistent with the official release version.
+
+- `xfsprogs` was updated to version 6.18.0, which enables parent pointers and exchange-range by default. Upstream recommends not to use these features with kernels older than 6.18.
+   GRUB2 is likely unable to boot from filesystems with these features enabled.
+
+- `lunarvim` package has been removed, as it was abandoned upstream and relied on an old version of `neovim` to work properly.
+
 - `requireFile` now treats any `message` or `url` argument as a literal string, rather than subjecting it to Bash here-doc expansion.  This allows including strings like `$PWD` in the message without needing to know about and handle the undocumented Bash expansion.
 
 - `nodePackages.browserify` has been removed, as it was unmaintained within nixpkgs.
@@ -314,6 +371,8 @@
 
 - `linuxPackages.nvidiaPackages` now follows NVIDIA's official release branches by exposing `production`, `new_feature`, and `beta`. The convenience aliases `latest` (newer of `production` and `new_feature`) and `bleeding_edge` (newer of `latest` and `beta`) are provided; note that `beta` now refers strictly to the beta branch.
 
+- `stestrCheckHook` was added: This test hook runs `stestr run`. You can disable tests with `disabledTests` and `disabledTestsRegex`.
+
 - `balatro` now supports the Google Play and Xbox PC versions of the game.  Pass the `apk` or `Assets.zip` as `balatro.override { src = "…" }`.
 
 - `uptime-kuma` has been updated to v2, which requires an automated migration that can take a few hours. **A backup is highly recommended.**
@@ -324,6 +383,16 @@
 
 - The `libcxxhardeningextensive` hardening flag has been **disabled** by default. Enabling it by default in 25.11 was unintentional and may have had a negative effect on performance in some cases. `libcxxhardeningfast` remains enabled by default.
 
+- Wine has been updated to the 11.0 branch. Please check the [upstream announcement](https://gitlab.winehq.org/wine/wine/-/releases/wine-11.0) for more details.
+
+- Cinnamon has been updated to 6.6, please check the [upstream announcement](https://www.linuxmint.com/rel_zena_whatsnew.php) for more details.
+
+- `rspamd` has been updated to 4.0. Please check the upstream [migration](https://docs.rspamd.com/tutorials/migration/#migration-to-rspamd-400) documentation, especially if you run a sharded Redis deployment.
+
+- `hyphen` now supports over 40 language variants through `hyphenDicts` and now allows to enable all supported languages through `hyphenDicts.all`.
+
+- `budgie` has been updated to 10.10, please check the [upstream announcement](https://buddiesofbudgie.org/blog/budgie-10-10-released) for more details.
+
 - The packages `ibtool`, `actool` and `re-plistbuddy` have been added, providing reimplementations of the corresponding proprietary Apple tools. They are more compatible with the originals than the previously existing `xcbuild` package, and should enable more darwin software to be built from source.
 
 - Switch inhibitors were introduced, which add a pre-switch check that compares a list of strings between the previous and the new generation, and refuses to switch into the new generation when there is a difference between the two lists. This allows avoiding switching into a system when for instance the systemd version changed by adding `config.systemd.package.version` to the switch inhibitors for your system. You can still forcefully switch into any generation by setting `NIXOS_NO_CHECK=1`.
@@ -423,3 +492,4 @@ gnuradioMinimal.override {
 - The builder `php.buildComposerProject2` for PHP applications has been improved for better reliability and stability.
 
 - The `services.drupal` module has a few improvements aimed at making it better for installing custom Drupal instances, namely a new `webRoot` option for identifying custom webroots in source code, a new `configRoot` option for identifying and synchronizing config yamls onto NixOS, and some new settings for managing variable content and filepaths.
+