Switch to using the release tarball instead of using the GitHub tag, as I
don't have the original tarball that was used to generate the distinfo
for the upgrade to 2.0. The release tarball has sha256 signatures posted
and they match with what is being committed now.
Reported by: Juraj Lutter <firstname.lastname@example.org>
Approved by: blanket approval, tivial build fixes