package/expat: security bump version to 2.6.3

Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes

Fixes CVE-2024-45490, CVE-2024-45491 & CVE-2024-45492.

Follow upstream switch of project repository to github:
https://sourceforge.net/p/expat/news/2022/01/project-moved-to-github/

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/expat/Config.in

@@ -3,4 +3,4 @@ config BR2_PACKAGE_EXPAT
 	help
 	  The Expat XML Parser.
 
-	  http://expat.sourceforge.net
+	  https://libexpat.github.io/

package/expat/expat.hash

@@ -1,7 +1,3 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.6.2/
-md5  0cb75c8feb842c0794ba89666b762a2d  expat-2.6.1.tar.xz
-sha1  d9e5f953dcacda3c9e69b4886382c3d8847b81bd  expat-2.6.1.tar.xz
-
 # Locally calculated
-sha256  ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364  expat-2.6.2.tar.xz
+sha256  274db254a6979bde5aad404763a704956940e465843f2a9bd9ed7af22e2c0efc  expat-2.6.3.tar.xz
 sha256  122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534  COPYING

package/expat/expat.mk

@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-EXPAT_VERSION = 2.6.2
-EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
+EXPAT_VERSION = 2.6.3
+EXPAT_SITE = https://github.com/libexpat/libexpat/releases/download/R_$(subst .,_,$(EXPAT_VERSION))
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
 EXPAT_INSTALL_STAGING = YES
 EXPAT_LICENSE = MIT