diff --git a/pkgs/development/libraries/libsass/default.nix b/pkgs/development/libraries/libsass/default.nix
index ce43ed734324..957201b83abc 100644
--- a/pkgs/development/libraries/libsass/default.nix
+++ b/pkgs/development/libraries/libsass/default.nix
@@ -1,22 +1,21 @@
-{ stdenv, fetchurl, fetchpatch, autoreconfHook }:
+{ stdenv, fetchFromGitHub, autoreconfHook }:
 
 stdenv.mkDerivation rec {
-  name = "libsass-${version}";
-  version = "3.5.5";
+  pname = "libsass";
+  version = "3.6.0";
 
-  src = fetchurl {
-    url = "https://github.com/sass/libsass/archive/${version}.tar.gz";
-    sha256 = "0w6v1xa00jvfyk4b29ir7dfkhiq72anz015gg580bi7x3n7saz28";
+  src = fetchFromGitHub {
+    owner = "sass";
+    repo = pname;
+    rev = version;
+    sha256 = "0c2cfmxv1h4f258l9ph6jrnk1ip5bngapzbw1x3vsqxw7hy20n4a";
+    # Remove unicode file names which leads to different checksums on HFS+
+    # vs. other filesystems because of unicode normalisation.
+    extraPostFetch = ''
+      rm -r $out/test/e2e/unicode-pwd
+    '';
   };
 
-  patches = [
-    (fetchpatch {
-      name = "CVE-2018-19827.patch";
-      url = "https://github.com/sass/libsass/commit/b21fb9f84096d9927780b86fa90629a096af358d.patch";
-      sha256 = "0ix12x9plmpgs3xda2fjdcykca687h16qfwqr57i5qphjr9vp33l";
-    })
-  ];
-
   preConfigure = ''
     export LIBSASS_VERSION=${version}
   '';