- Fix CVE-2022-33070: Protobuf-c v1.4.0 was discovered to contain an
invalid arithmetic shift via the function parse_tag_and_wiretype in
protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause
a Denial of Service (DoS) via unspecified vectors.
- Use official tarball (and so drop autoreconf)
- Update hash of COPYING (year updated with
471aaa5f6d)
https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit cbbd2dae9e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
1123b04f02