gnu: icecat: Update to 140.3.0-gnu1 [security fixes].

For Firefox/IceCat, this fixes at least CVE-2025-6427, CVE-2025-6428,
CVE-2025-6431, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434, CVE-2025-6435 and
CVE-2025-6436.

For Thunderbird/Icedove, this fixes too many CVEs to be named here. Consult
<https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird> to
read the details.

* gnu/packages/image.scm (libpng-apng-for-librewolf): Rename to...
(libpng-apng-next): ... this.
* gnu/packages/librewolf.scm (librewolf) [inputs]: Adjust accordingly.
* gnu/packages/gnuzilla.scm (icecat-minimal): Update to 140.3.0.
[#:configure-flags]: Add --disable-fhs.  Remove --enable-official-branding.
[#:phases] {apply-guix-specific-patches}: Apply
icecat-fhs-configure-option.patch.
{remove-cargo-frozen-flag}: Remove --frozen from rust.mk.
{install}: Also install a policies.json file to disable the Sync feature.
{install-desktop-entry}: Adjust and streamline.
{install-icons}: Use the 'unofficial' branding directory.
[inputs]: Replace libpng-apng with libpng-apng-next.  Replace icu4c with
icu4c-77.
[native-search-paths]: Replace ICECAT_SYSTEM_DIR with MOZILLA_SYSTEM_DIR.
(icecat-source): Remove obsolete cleanups.  Switch tarball compression to
zstd.
(make-l10n-package): No longer set GUIX_PYTHONPATH.
[#:phases] {build}: Register the "tb_common" mach site.
[native-inputs]: Replace python-wrapper with python. Add python-aiohttp,
python-async-timeout and python-dateutil.
(mozilla-115-compare-locales, mozilla-115-locale, mozilla-115-locales)
(update-mozilla-115-locales, all-mozilla-115-locales, %icecat-115-base-version)
(%icecat-115-version, %icecat-115-build-id
(icecat-115-source): Delete variables.
(mozilla-l10n): Update to correct changeset.
(format-locales): New procedure.
(%icecat-locales): Update.
(%icecat-base-version): Set to the version of mozjs.
(%icecat-build-id): Bump.
(%icedove-build-id): Bump.
(%icedove-version): Set to 140.3.0.
(thunderbird-comm-source): Update accordingly.
[patches]: New field.
(comm-source->locales+changeset): Delete variable.
(%icedove-locales): Regenerate.
(thunderbird-comm-l10n): Adjust URI, and switch to a git-fetch, to be able to
use pre-releases (the official release tarballs lag behind those of Firefox).
(icedove-source): Compress resulting tarball via zstd. Adjust patching based
on changed file names and content. Make "comm" files writable. Patch
MOZ_APP_NAME in "devtools/startup/DevToolsStartup.sys.mjs". Adjust
services.settings.server value to avoid a warning.
Adjust l10n copying, given we're now using a checkout again.
(icedove-minimal) [#:phases] {configure}: Do not set PYTHON. Add
'ac_add_options --enable-rust-simd' flag.
{do-not-verify-vendored-rust-dependencies}: New phase.
{patch-cargo-checksums}: Sync with IceCat, add "comm" directory.
{remove-cargo-frozen-flag}: Sync phase with that of IceCat.
[inputs]: Sort. Add ffmpeg. Remove gtk+-2. Replace nss with nss-rapid.
Replace icu4c with icu4c-77.
[native-inputs]: Replace clang-15 with clang-20, llvm-15 with llvm-20. Replace
rust-cbindgen-0.24 with rust-cbindgen.
* gnu/packages/patches/icedove-observer-fix.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/patches/icecat-compare-paths.patch: Update.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: Rework, with the goal
to of upstreaming it.

Change-Id: Ib420388b9e7c7b59baa74920951afbda99cfe5a2

gnu/packages/librewolf.scm

@@ -641,7 +641,7 @@
                   libjpeg-turbo
                   libnotify
                   libpciaccess
-                  libpng-apng-for-librewolf
+                  libpng-apng-next
                   libva
                   libvpx
                   libwebp