From bc5330c3243df55d6231799676c3a4ac16a2f072 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Wed, 7 Feb 2024 19:32:26 +0100
Subject: [PATCH] expat: 2.5.0 -> 2.6.0

https://github.com/libexpat/libexpat/blob/R_2_6_0/expat/Changes
https://blog.hartwork.org/posts/expat-2-6-0-released/

Fixes: CVE-2023-54245, CVE-2024-52426
---
 pkgs/development/libraries/expat/default.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/expat/default.nix b/pkgs/development/libraries/expat/default.nix
index 248e3774f4cd2..babb19e6cfb04 100644
--- a/pkgs/development/libraries/expat/default.nix
+++ b/pkgs/development/libraries/expat/default.nix
@@ -14,13 +14,16 @@
 # cgit) that are needed here should be included directly in Nixpkgs as
 # files.
 
-stdenv.mkDerivation rec {
+let
+  version = "2.6.0";
+  tag = "R_${lib.replaceStrings ["."] ["_"] version}";
+in stdenv.mkDerivation rec {
   pname = "expat";
-  version = "2.5.0";
+  inherit version;
 
   src = fetchurl {
-    url = "https://github.com/libexpat/libexpat/releases/download/R_${lib.replaceStrings ["."] ["_"] version}/${pname}-${version}.tar.xz";
-    sha256 = "1gnwihpfz4x18rwd6cbrdggmfqjzwsdfh1gpmc0ph21c4gq2097g";
+    url = "https://github.com/libexpat/libexpat/releases/download/${tag}/${pname}-${version}.tar.xz";
+    hash = "sha256-y19ajqIR4cq9Wb4KkzpS48Aswyboak04fY0hjn7kej4=";
   };
 
   strictDeps = true;
@@ -57,6 +60,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = with lib; {
+    changelog = "https://github.com/libexpat/libexpat/blob/${tag}/expat/Changes";
     homepage = "https://libexpat.github.io/";
     description = "A stream-oriented XML parser library written in C";
     platforms = platforms.all;