new file mode 100644
@@ -0,0 +1,34 @@
+From 59fcd85066bea536f259b6396a7a0a939a4fb369 Mon Sep 17 00:00:00 2001
+From: itchyny <itchyny@cybozu.co.jp>
+Date: Mon, 8 Jun 2026 22:14:48 +0900
+Subject: [PATCH] Fix heap-buffer-overflow in raw file loading
+
+When `jv_string_append_buf` overflows the string length limit,
+it returns an invalid `jv`; `jv_load_file` then re-entered it
+on the invalid value and overran the heap. Break out of the loop
+once the value is invalid.
+
+Fixes CVE-2026-49839.
+
+Signed-off-by: Anton Skorup <antonsk@axis.com>
+Upstream-Status: Backport [https://github.com/jqlang/jq/commit/e987df0d463d85fd70825e042a082427e8275b86]
+---
+ src/jv_file.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/jv_file.c b/src/jv_file.c
+index b10bcc0..40137c3 100644
+--- a/src/jv_file.c
++++ b/src/jv_file.c
+@@ -57,6 +57,8 @@ jv jv_load_file(const char* filename, int raw) {
+
+ if (raw) {
+ data = jv_string_append_buf(data, buf, n);
++ if (!jv_is_valid(data))
++ break;
+ } else {
+ jv_parser_set_buf(parser, buf, n, !feof(file));
+ jv value;
+--
+2.43.0
+
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/jqlang/jq.git;protocol=https;branch=master;tag=jq-${
file://CVE-2026-33948.patch \
file://CVE-2026-39979.patch \
file://CVE-2026-47770.patch \
+ file://CVE-2026-49839.patch \
"
inherit autotools ptest