tremor: security bump to fix CVE-2018-5146

Prevent out-of-bounds write in codebook decoding.

Codebooks that are not an exact divisor of the partition size are now
truncated to fit within the partition.

Upstream has migrated from subversion to git, so change to git and bump the
version to include the fix for CVE-2018-5146.

While we're at it, also add a hash file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 80266c95052024381898cada4c51d44207fddd80)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/tremor/tremor.hash

@@ -0,0 +1,3 @@
+# Locally computed
+sha256 ba94cfdf886399c550f76908285bfa9e322f24085de6f1810c2abea565c13a15  tremor-7c30a66346199f3f09017a09567c6c8a3a0eedc8.tar.gz
+sha256 d2ab5758336489da61c12cc5bb757da5339c4ae9001f9bb0562b4370249af814  COPYING

package/tremor/tremor.mk

@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-TREMOR_SITE = http://svn.xiph.org/trunk/Tremor
-TREMOR_SITE_METHOD = svn
-TREMOR_VERSION = 19427
+TREMOR_VERSION = 7c30a66346199f3f09017a09567c6c8a3a0eedc8
+TREMOR_SITE = https://git.xiph.org/tremor.git
+TREMOR_SITE_METHOD = git
 TREMOR_LICENSE = BSD-3c
 TREMOR_LICENSE_FILES = COPYING