package/thrift: security bump to v0.13

Drop patch because the linker error no longer appears on br-x86-64-musl.

v0.13.0 fixes the following CVEs:

CVE-2019-0205: In Apache Thrift all versions up to and including 0.12.0,
a server or client may run into an endless loop when feed with specific
input data. Because the issue had already been partially fixed in version
0.11.0, depending on the installed version it affects only certain
language bindings.

CVE-2019-0210: In Apache Thrift 0.9.3 to 0.12.0, a server implemented
in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with
invalid input data.

Also update the hash file to the new two-spaces convention

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/thrift/0001-Force-to-keep-TPipedTransport-peek-to-avoid-linker-e.patch

@@ -1,31 +0,0 @@
-From f87ae3963e651fe9f4b3125192c77aae86c007e0 Mon Sep 17 00:00:00 2001
-From: Patrick Havelange <patrick.havelange@essensium.com>
-Date: Mon, 21 Jan 2019 09:49:23 +0100
-Subject: [PATCH] Force to keep TPipedTransport::peek() to avoid linker error.
-
-Otherwise got the "defined in discarded section" linker error
-with x86-64-musl toolchain. This is probably a toolchain issue - the
-compiler shouldn't remove that function.
-
-Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
-Upstream-status: Not Applicable
----
- lib/cpp/src/thrift/transport/TTransportUtils.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/cpp/src/thrift/transport/TTransportUtils.h b/lib/cpp/src/thrift/transport/TTransportUtils.h
-index f3b4c5a..7589182 100644
---- a/lib/cpp/src/thrift/transport/TTransportUtils.h
-+++ b/lib/cpp/src/thrift/transport/TTransportUtils.h
-@@ -114,7 +114,7 @@ public:
- 
-   bool isOpen() { return srcTrans_->isOpen(); }
- 
--  bool peek() {
-+  bool __attribute__ ((used)) peek() {
-     if (rPos_ >= rLen_) {
-       // Double the size of the underlying buffer if it is full
-       if (rLen_ == rBufSize_) {
--- 
-2.17.1
-

package/thrift/thrift.hash

@@ -1,4 +1,4 @@
-# From https://www.apache.org/dist/thrift/0.12.0/thrift-0.12.0.tar.gz.sha256
-sha256  c336099532b765a6815173f62df0ed897528a9d551837d627c1f87fadad90428	thrift-0.12.0.tar.gz
+# From https://www.apache.org/dist/thrift/0.13.0/thrift-0.13.0.tar.gz.sha256
+sha256  7ad348b88033af46ce49148097afe354d513c1fca7c607b59c33ebb6064b5179  thrift-0.13.0.tar.gz
 # License files, locally calculated
-sha256  23df881cec3192d1f4474633c14eb2ec30a45b84f8daeb82b9de5d2bd3ac8218        LICENSE
+sha256  23df881cec3192d1f4474633c14eb2ec30a45b84f8daeb82b9de5d2bd3ac8218  LICENSE

package/thrift/thrift.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-THRIFT_VERSION = 0.12.0
+THRIFT_VERSION = 0.13.0
 THRIFT_SITE = http://www.us.apache.org/dist/thrift/$(THRIFT_VERSION)
 THRIFT_LICENSE = Apache-2.0
 THRIFT_LICENSE_FILES = LICENSE