Pkgs

toolchain

No description available.

Install package

min add toolchain

Other

Updated 4 months ago

Spec hash: b5f676bc…9dc1
Built from: Source
Source archive: None
Source archive SHA256: —
Dependencies: 0 build · 4 runtime

Quick links

[ Docs ] [ Changelog ] [ Repo ] [ Security ] [ SBOM ]

What is toolchain?

No description available.

How to use this package

Quick install

Installs the package into the current environment for this session. Use --build or --runtime to persist it as a build-time or runtime dependency.

min add toolchain

Declare as a task dependency in minimal.toml

Listing the package under tasks.<name>.packages makes it available inside that task’s sandbox.

[tasks.dev]
packages = ["toolchain"]

Build-time vs runtime

Choose build-time for tools needed during compilation, runtime for dynamic libraries loaded at runtime.

min add --build toolchain
min add --runtime toolchain

Dependencies (4)

Dependencies
Name	Version	Kind
binutils	2.46.1	runtime
gcc CVE:1	15.2.0	runtime
glibc CVE:3	2.42	runtime
linux_headers	6.12.43	runtime

Dependants (271)

Dependants
Name	Version
abseil-cpp	20250814.1
age	1.3.1
agent-browser	0.15.1
alex	3.5.1.0
alsa-lib	1.2.15.3
ast-grep	0.42.1
at-spi2-core	2.54.2
atk	2.38.0
atuin	18.12.1
autoconf	2.73
automake	1.18.1
bat	0.26.1
bc	7.0.3
biff	0.1.1
binutils-arm-none-eabi	2.43.1
bison	3.8.2
boost CVE:2	1.91.0-1
bottom	0.12.3
broot	1.56.2
btop	1.4.7
bun	1.3.14
bzip2	1.0.8
bzip3	1.5.3
c-ares	1.34.6
caddy	2.11.4
cairo	1.18.4
check	0.15.2
clipper2	2.0.1
cloud-hypervisor	52.0
cloud-sql-proxy	2.22.0
cmake	4.2.3
cmatrix	2.0
codex	0.130.0
cosign	3.0.6
crane	0.21.5
cups	2.4.19
curl	8.20.0
cython	3.2.1
dav1d	1.5.3
dbus	1.16.2
dejagnu	1.6.3
delta	0.18.2
dfu-util	0.11
diffoscope	306
difftastic	0.67.0
dnsutils	9.20.20
duf	0.9.1
dust	1.2.4
e2fsprogs	1.47.4
elfutils	0.194
emacs CVE:1	30.2
emacs-config-dev1	2.8
eudev	3.2.14
expat	2.7.5
expect	5.45.4
eza	0.23.4
fd	10.4.2
ffmpeg	8.1.1
file	5.47
fio	3.42
fish	4.5.0
flex CVE:1	2.6.4
fontconfig	2.17.1
foundationdb	7.3.69
freetype	2.14.1
fribidi	1.0.16
fzf	0.72.0
gawk	5.4.0
gawk-bootstrap	5.3.2
gcc-arm-none-eabi	14.2.0
gdbm	1.26
gettext	1.0
gh	2.93.0
ghc	9.10.3
ghc-bootstrap	9.8.1
ghostscript	10.06.0
git	2.54.0
glib	2.86.4
glow	2.1.2
gnutls CVE:1	3.8.9
go	1.26.4
golangci-lint	2.12.2
gopls	0.21.1
govulncheck	1.1.4
gperf	3.1
graphviz	14.1.1
groff	1.23.0
grype	0.108.0
gtest	1.17.0
gurk	0.8.1
gws	0.11.0
gzip	1.14
happy	1.20.1.1
harfbuzz	14.2.0
helix	25.07.1
hex-patch	1.12.5
hexhog	0.1.3
htop CVE:3	3.5.1
hwdata	0.406
icu	78.3
imgcatr	0.1.4
inetutils CVE:4	2.6
iproute2	6.18.0
jansson	2.14
jaq	2.3.0
jnv	0.6.1
jq CVE:19	1.8.1
jsongrep	0.7.0
k9s	0.50.18
kittyview	0.1.4
lcms2	2.17
lean	4.28.0
less	692
libaom	3.13.1
libass	0.17.4
libcap	2.78
libcap-ng	0.9.3
libdrm	2.4.131
libevent	2.1.12-stable
libfdk-aac	2.0.3
libffi	3.5.2
libfuse	3.18.2
libgd	2.3.3
libglvnd	1.7.0
libidn2	2.3.8
libjpeg-turbo	3.1.4.1
libopus	1.6.1
libpipeline	1.5.8
libpng CVE:1	1.6.58
libpsl	0.21.5
libseccomp	2.6.0
libsodium	1.0.21
libssh2 CVE:6	1.11.1
libsvtav1	4.0.1
libtasn1	4.21.0
libtool	2.5.4
libunistring	1.4.1
liburcu	0.15.5
libusb	1.0.29
libuv	1.52.1
libvips	8.18.3
libvmaf	3.0.0
libvpx	1.16.0
libwebp	1.6.0
libx11	1.8.12
libx264	0.165.3222
libx265	4.1
libxau	1.0.12
libxcb	1.17.0
libxcomposite	0.4.6
libxcrypt	4.5.2
libxdamage	1.1.6
libxdmcp	1.1.5
libxext	1.3.6
libxfixes	6.0.1
libxkbcommon	1.13.1
libxml2	2.15.3
libxrandr	1.5.4
libxrender	0.9.12
libxshmfence	1.3.3
libxslt	1.1.45
libyaml	0.2.5
lief	0.17.6
llama.cpp CVE:1	b8941
llvm	21.1.8
llvm-bootstrap	21.1.8
lsd	1.2.0
lz4	1.10.0
m4	1.4.21
man-db	2.13.1
manifold	3.4.0
mesa	25.3.5
meson	1.10.1
minimal-sshd	—
mono	6.12.0.206
mtools	4.0.49
nano CVE:1	8.7
nasm	3.01
nats-cli	0.3.2
ncurses	6.5-20250830
nettle	3.10.1
next	16.2.6
nghttp2	1.68.1
nghttp3	1.15.0
ngspice	46
ngtcp2	1.22.1
nickel	1.16.0
nickel-lsp	1.16.0
ninja	1.13.2
node	25.8.2
node-lts	24.14.1
nspr	4.38.2
nss	3.121
nushell	0.110.0
onetbb	2022.3.0
oniguruma	6.9.10
openblas	0.3.31
opencv CVE:1	4.13.0
openjpeg CVE:1	2.5.4
openssh	10.3p1
openssl CVE:1	3.6.2
or-tools	9.15
otel-collector	0.150.1
pango	1.56.4
pasta	2026_01_20.386b5f5
patch	2.8
patchelf	—
pciutils	3.14.0
picocom	3.1
pixman	0.46.4
pkgconf	2.5.1
postgres	18.0
prek	0.3.10
probe-rs	0.31.0
procps-ng	4.0.5
procs	0.14.10
protobuf	34.1
pulumi	3.239.0
python CVE:6	3.14.5
railway	4.30.2
readline	8.3
ripgrep	15.1.0
ruby	4.0.5
rust	1.95.0
rust-arm-embedded	1.95.0
screen	5.0.1
scrt	0.3.3
sd	1.1.0
setuptools	82.0.1
shadow	4.18.0
skopeo	1.22.0
socat	1.8.1.1
spire	1.14.4
sqlite	3.50.4
sshfs	3.7.6
starship	1.25.1
stlink	1.8.0
stm32flash	0.7
strace	6.17
syft	1.42.4
tailscale	1.94.1
tar	1.35
tcl	8.6.16
teamtype	0.9.1
terraform	1.14.5
time	1.9
tmux	3.6a
tree-sitter	0.24.7
trivy	0.70.0
typst	0.14.2
unzip	6.0
ut	0.6.0
util-linux	2.42.1
uv	0.11.19
vim	9.2.0597
virtio-linux	6.12.43
weathr	1.3.0
wget	1.25.0
xcb-proto	1.17.0
xorgproto	2025.1
xtrans	1.6.0
xz	5.8.3
yazi	26.1.22
yq	4.52.5
z3	4.16.0
zellij	0.43.1
zig	0.16.0
zizmor	1.24.1
zlib	1.3.2
zoxide	0.9.9
zsh	5.9

No direct advisories

This package inherits 4 transitive advisories from its dependencies.

Include transitive

Showing 4 transitive advisories via toolchain's dependencies

Security advisories for this package
	Status	IDs	Package	Version	Severity	Published
Critical ( 0 )
High ( 3 )
	Affected: 2.42	CVE-2025-15281	glibc	`2.42`	High: 7.5	5 months ago
Summary No summary published for this advisory. Via: glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` References Advisory: http://www.openwall.com/lists/oss-security/2026/01/20/3 Fix: https://sourceware.org/bugzilla/show_bug.cgi?id=33814
	Affected: 2.42	CVE-2026-0915	glibc	`2.42`	High: 7.5	5 months ago
Summary No summary published for this advisory. Via: glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` References Report: https://sourceware.org/bugzilla/show_bug.cgi?id=33802 ARTICLE: http://www.openwall.com/lists/oss-security/2026/01/16/6
	Affected: 2.42	CVE-2026-0861	glibc	`2.42`	High: 8.4	5 months ago
Summary No summary published for this advisory. Via: glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` References Fix: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001 , http://www.openwall.com/lists/oss-security/2026/01/16/5 Evidence: https://sourceware.org/bugzilla/show_bug.cgi?id=33796
Medium ( 1 )
	Affected: 15.2.0	CVE-2023-4039	gcc	`15.2.0`	Medium: 4.8	3 years ago
Summary DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. Via: gcc Affected ranges `15.2.0` CVSS vector: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N`
Low ( 0 )
Unknown ( 0 )

43 components

Software Bill of Materials — every package this build depends on
Packages	Version	Repository	Licence
acl ROOT	2.3.2	https://storage.googleapis.com/minimal-staging-archives/acl-2.3.2.tar.xz MIRROR	(GPL-2.0-only AND LGPL-2.1-only)
attr ROOT	2.5.2	https://storage.googleapis.com/minimal-staging-archives/attr-2.5.2.tar.gz MIRROR	(GPL-2.0-only AND LGPL-2.1-only)
bash	5.3	www.gnu.org/software/bash	GPL-3.0-only
bash-bootstrap	5.3	https://storage.googleapis.com/minimal-staging-archives/bash-5.3.tar.gz MIRROR	GPL-3.0-only
binutils	2.46.1	www.gnu.org/software/binutils	(GPL-2.0-only AND GPL-3.0-only AND LGPL-2.0-only)
bison	3.8.2	www.gnu.org/software/bison	GPL-3.0-only
bzip2	1.0.8	github.com/libarchive/bzip2	bzip2-1.0.6
coreutils	9.11	www.gnu.org/software/coreutils	GPL-3.0-only
diffutils	3.12	www.gnu.org/software/diffutils	GPL-3.0-only
expat	2.7.5	github.com/libexpat/libexpat	MIT
file ROOT	5.47	https://storage.googleapis.com/minimal-staging-archives/file-5.47.tar.gz MIRROR	BSD-2-Clause-Darwin
findutils	4.10.0	https://storage.googleapis.com/minimal-staging-archives/findutils-4.10.0.tar.xz MIRROR	GPL-3.0-only
flex	2.6.4	github.com/westes/flex	BSD-3-Clause-flex
gawk	5.4.0	www.gnu.org/software/gawk	GPL-3.0-only
gawk-bootstrap	5.3.2	https://storage.googleapis.com/minimal-staging-archives/gawk-5.3.2.tar.xz MIRROR	GPL-3.0-only
gcc	15.2.0	www.gnu.org/software/gcc	(GPL-2.0-only AND GPL-3.0-only AND LGPL-2.1-only)
gdbm	1.26	www.gnu.org/software/gdbm	GPL-3.0-only
glibc	2.42	www.gnu.org/software/glibc	(GPL-2.0-only AND LGPL-2.1-only)
gmp	6.3.0	www.gnu.org/software/gmp	LGPL-3.0-or-later OR GPL-2.0-or-later
grep	3.12	www.gnu.org/software/grep	GPL-3.0-only
gzip	1.14	www.gnu.org/software/gzip	GPL-3.0-only
libcap ROOT	2.78	https://storage.googleapis.com/minimal-staging-archives/libcap-2.78.tar.xz MIRROR	BSD-3-Clause OR GPL-2.0-only
libffi	3.5.2	github.com/libffi/libffi	MIT
linux_headers	6.12.43	github.com/torvalds/linux	GPL-2.0-only WITH Linux-syscall-note
lz4	1.10.0	github.com/lz4/lz4	BSD-2-Clause AND GPL-2.0-or-later
m4	1.4.21	www.gnu.org/software/m4	GPL-3.0-only
make	4.4.1	www.gnu.org/software/make	GPL-3.0-only
mpc	1.4.0	www.gnu.org/software/mpc	LGPL-3.0-or-later
mpfr	4.2.2	www.gnu.org/software/mpfr	GPL-3.0-only
ncurses	6.5-20250830	www.gnu.org/software/ncurses	X11-distribute-modifications-variant
openssl	3.6.2	github.com/openssl/openssl	Apache-2.0
pcre2	10.47	github.com/PCRE2Project/pcre2	BSD-3-Clause WITH PCRE2-exception
perl	5.42.0	github.com/Perl/perl5	Artistic-1.0-Perl OR GPL-1.0-or-later
pkgconf	2.5.1	github.com/pkgconf/pkgconf	pkgconf
python	3.14.5	github.com/python/cpython	Python-2.0.1
readline	8.3	www.gnu.org/software/readline	GPL-3.0-only
sed	4.9	www.gnu.org/software/sed	GPL-3.0-only
sqlite	3.50.4	github.com/sqlite/sqlite	blessing
tar	1.35	www.gnu.org/software/tar	GPL-3.0-only
util-linux	2.42.1	github.com/util-linux/util-linux	GPL-2.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause
xz	5.8.3	github.com/tukaani-project/xz	(0BSD AND GPL-2.0-only AND GPL-3.0-only AND LGPL-2.1-only)
zlib	1.3.2	github.com/madler/zlib	Zlib
zstd	1.5.7	github.com/facebook/zstd	BSD-3-Clause OR GPL-2.0-only

View packages at a commit

toolchain

Install package

Quick links

What is toolchain?

How to use this package

Quick install

Declare as a task dependency in minimal.toml

Build-time vs runtime

Dependencies (4)

Dependants (271)

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

43 components

Join the waitlist

Check your email