GNU tar 1.35 changed the behaviour for the devmajor/devminor fields, breaking the download hash validation. For details, see: https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html https://patchwork.ozlabs.org/project/buildroot/patch/20231018141155.533944-1-vfazio@gmail.com/ To work around this issue, blacklist tar 1.35+ similar to how we do it for pre-1.27 versions so Buildroot falls back to building host-tar (which is currently 1.34). Signed-off-by: Peter Korsgaard <peter@korsgaard.com>