jq: add upstream patch to fix CVE-2016-4074

srcpkgs/jq/patches/CVE-2016-4074.patch

@@ -0,0 +1,35 @@
+From 904ee3bf26f863b7b31c4085f511e54c0307e537 Mon Sep 17 00:00:00 2001
+From: W-Mark Kubacki <wmark@hurrikane.de>
+Date: Fri, 19 Aug 2016 19:50:39 +0200
+Subject: [PATCH] Skip printing what's below a MAX_PRINT_DEPTH
+
+This addresses #1136, and mitigates a stack exhaustion when printing
+a very deeply nested term.
+---
+ jv_print.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- jv_print.c
++++ jv_print.c
+@@ -13,6 +13,10 @@
+ #include "jv_dtoa.h"
+ #include "jv_unicode.h"
+ 
++#ifndef MAX_PRINT_DEPTH
++#define MAX_PRINT_DEPTH (256)
++#endif
++
+ #define ESC "\033"
+ #define COL(c) (ESC "[" c "m")
+ #define COLRESET (ESC "[0m")
+@@ -150,7 +154,9 @@ static void jv_dump_term(struct dtoa_context* C, jv x, int flags, int indent, FI
+       }
+     }
+   }
+-  switch (jv_get_kind(x)) {
++  if (indent > MAX_PRINT_DEPTH) {
++    put_str("<skipped: too deep>", F, S, flags & JV_PRINT_ISATTY);
++  } else switch (jv_get_kind(x)) {
+   default:
+   case JV_KIND_INVALID:
+     if (flags & JV_PRINT_INVALID) {

srcpkgs/jq/template

@@ -1,12 +1,12 @@
 # Template file for 'jq'
 pkgname=jq
 version=1.5
-revision=6
+revision=7
 build_style=gnu-configure
 makedepends="oniguruma-devel"
 checkdepends="valgrind"
 short_desc="Command-line JSON processor"
-maintainer="Christian Neukirchen <chneukirchen@gmail.com>"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
 license="MIT"
 homepage="http://stedolan.github.io/jq/"
 distfiles="https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz"