[ANNOUNCEMENT] Yocto Project 4.0.7 is Released

Lee Chee Yang


We are pleased to announce the Yocto Project 4.0.7 Release is now available for download.





A gpg signed version of these release notes is available at:




Full Test Report:




Thank you for everyone's contributions to this release.


Chee Yang


Yocto Project Build and Release


- --------------------------

yocto-4.0.7 Release Notes

- --------------------------



- --------------------------


- --------------------------


Repository Name: poky

Repository Location: https://git.yoctoproject.org/poky

Branch: kirkstone

Tag: yocto-4.0.7

Git Revision: 65dafea22018052fe7b2e17e6e4d7eb754224d38

Release Artefact: poky-65dafea22018052fe7b2e17e6e4d7eb754224d38

sha: 6b1b67600b84503e2d5d29bcd6038547339f4f9413b830cd2408df825eda642d

Download Locations:




Repository Name: openembedded-core

Repository Location: https://git.openembedded.org/openembedded-core

Branch: kirkstone

Tag: yocto-4.0.7

Git Revision: a8c82902384f7430519a31732a4bb631f21693ac

Release Artefact: oecore-a8c82902384f7430519a31732a4bb631f21693ac

sha: 6f2dbc4ea1e388620ef77ac3a7bbb2b5956bb8bf9349b0c16cd7610e9996f5ea

Download Locations:




Repository Name: meta-mingw

Repository Location: https://git.yoctoproject.org/meta-mingw

Branch: kirkstone

Tag: yocto-4.0.7

Git Revision: a90614a6498c3345704e9611f2842eb933dc51c1

Release Artefact: meta-mingw-a90614a6498c3345704e9611f2842eb933dc51c1

sha: 49f9900bfbbc1c68136f8115b314e95d0b7f6be75edf36a75d9bcd1cca7c6302

Download Locations:




Repository Name: meta-gplv2

Repository Location: https://git.yoctoproject.org/meta-gplv2

Branch: kirkstone

Tag: yocto-4.0.7

Git Revision: d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

Release Artefact: meta-gplv2-d2f8b5cdb285b72a4ed93450f6703ca27aa42e8a

sha: c386f59f8a672747dc3d0be1d4234b6039273d0e57933eb87caa20f56b9cca6d

Download Locations:




Repository Name: bitbake

Repository Location: https://git.openembedded.org/bitbake

Branch: 2.0

Tag: yocto-4.0.7

Git Revision: 7e268c107bb0240d583d2c34e24a71e373382509

Release Artefact: bitbake-7e268c107bb0240d583d2c34e24a71e373382509

sha: c3e2899012358c95962c7a5c85cf98dc30c58eae0861c374124e96d9556bb901

Download Locations:




Repository Name: yocto-docs

Repository Location: https://git.yoctoproject.org/yocto-docs

Branch: kirkstone

Tag: yocto-4.0.7

Git Revision: 5883e897c34f25401b358a597fb6e18d80f7f90b



- ---------------


- ---------------

Alejandro Hernandez Samaniego

Alex Kiernan

Alex Stewart

Alexander Kanavin

Antonin Godard

Benoît Mauduit

Bhabu Bindu

Bruce Ashfield

Carlos Alberto Lopez Perez

Changqing Li

Chen Qi

Daniel Gomez

Florin Diaconescu

He Zhe

Hitendra Prajapati

Jagadeesh Krishnanjanappa

Jan Kircher

Jermain Horsman

Jose Quaresma

Joshua Watt


Kai Kang

Khem Raj


Marta Rybczynska

Martin Jansa

Mathieu Dubois-Briand

Michael Opdenacker

Narpat Mali

Ovidiu Panait

Pavel Zhukov

Peter Marko

Petr Kubizňák

Quentin Schulz

Randy MacLeod

Ranjitsinh Rathod

Richard Purdie

Robert Andersson

Ross Burton

Sandeep Gundlupet Raju

Saul Wold

Steve Sakoman

Vivek Kumbhar

Wang Mingyu

Xiangyu Chen

Yash Shinde

Yogita Urade



- ---------------

Known Issues

- ---------------




- ---------------

Security Fixes

- ---------------

binutils: Fix CVE-2022-4285

curl: Fix CVE-2022-43551 CVE-2022-43552

ffmpeg: Fix CVE-2022-3109 CVE-2022-3341

go: Fix CVE-2022-41715 CVE-2022-41717

libX11: Fix CVE-2022-3554 CVE-2022-3555

libarchive: Fix CVE-2022-36227

libksba: Fix CVE-2022-47629

libpng: Fix CVE-2019-6129

libxml2: Fix CVE-2022-40303 CVE-2022-40304

openssl: Fix CVE-2022-3996

python3-git: Fix CVE-2022-24439

python3-setuptools: Fix CVE-2022-40897

python3-wheel: Fix CVE-2022-40898

qemu: Fix CVE-2022-4144

sqlite: Fix CVE-2022-46908

systemd: Fix CVE-2022-45873

vim: Fix CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0088

webkitgtk: Fix CVE-2022-32886 CVE-2022-32891 CVE-2022-32912



- ---------------


- ---------------

Revert "gstreamer1.0: disable flaky gstbin:test_watch_for_state_change test"

at: Change when files are copied

baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES

base.bbclass: Fix way to check ccache path

bc: extend to nativesdk

bind: upgrade to 9.18.10

busybox: always start do_compile with orig config files

busybox: rm temporary files if do_compile was interrupted

cairo: fix CVE patches assigned wrong CVE number

cairo: update patch for CVE-2019-6461 with upstream solution

classes/create-spdx: Add SPDX_PRETTY option

classes: image: Set empty weak default IMAGE_LINGUAS

combo-layer: add sync-revs command

combo-layer: dont use bb.utils.rename

combo-layer: remove unused import

curl: Correct LICENSE from MIT-open-group to curl

cve-check: write the cve manifest to IMGDEPLOYDIR

cve-update-db-native: avoid incomplete updates

cve-update-db-native: show IP on failure

dbus: Add missing CVE product name

devtool/upgrade: correctly handle recipes where S is a subdir of upstream tree

devtool: process local files only for the main branch

dhcpcd: backport two patches to fix runtime error

docs: kernel-dev: faq: update tip on how to not include kernel in image

docs: migration-4.0: specify variable name change for kernel inclusion in image recipe

efibootmgr: update compilation with musl

externalsrc: fix lookup for .gitmodules

ffmpeg: refresh patches to apply cleanly

freetype:update mirror site.

gcc: Refactor linker patches and fix linker on arm with usrmerge

glibc: stable 2.35 branch updates.

go-crosssdk: avoid host contamination by GOCACHE

gstreamer1.0: Fix race conditions in gstbin tests

gstreamer1.0: upgrade to 1.20.5

gtk-icon-cache: Fix GTKIC_CMD if-else condition

harfbuzz: remove bindir only if it exists

kernel-fitimage: Adjust order of dtb/dtbo files

kernel-fitimage: Allow user to select dtb when multiple dtb exists

kernel.bbclass: remove empty module directories to prevent QA issues

lib/buildstats: fix parsing of trees with reduced_proc_pressure directories

lib/oe/reproducible: Use git log without gpg signature

libarchive: upgrade to 3.6.2

libepoxy: remove upstreamed patch

libksba: upgrade to 1.6.3

libnewt: upgrade to 0.52.23

libpng: upgrade to 1.6.39

libseccomp: fix typo in DESCRIPTION

libxcrypt-compat: upgrade to 4.4.33

libxml2: fix test data checksums

linux-firmware: upgrade to 20221214

linux-yocto/5.10: update to v5.10.160

linux-yocto/5.15: fix perf build with clang

linux-yocto/5.15: libbpf: Fix build warning on ref_ctr_off

linux-yocto/5.15: ltp and squashfs fixes

linux-yocto/5.15: powerpc: Fix reschedule bug in KUAP-unlocked user copy

linux-yocto/5.15: update to v5.15.84

lsof: add update-alternatives logic

lttng-modules: upgrade to 2.13.8

manuals: add 4.0.5 and 4.0.6 release notes

manuals: document SPDX_PRETTY variable

mpfr: upgrade to 4.1.1

oeqa/concurrencytest: Add number of failures to summary output

oeqa/rpm.py: Increase timeout and add debug output

oeqa/selftest/externalsrc: add test for srctree_hash_files

openssh: remove RRECOMMENDS to rng-tools for sshd package

poky.conf: bump version for 4.0.7

python3: upgrade to 3.10.9

qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel image

rm_work.bbclass: use HOSTTOOLS 'rm' binary exclusively

rm_work: adjust dependency to make do_rm_work_all depend on do_rm_work

ruby: merge .inc into .bb

ruby: upgrade to 3.1.3

selftest/virgl: use pkg-config from the host

systemd: backport another change from v252 to fix build with CVE-2022-45873.patch

tiff: Add packageconfig knob for webp

toolchain-scripts: compatibility with unbound variable protection

tzdata: upgrade to 2022g

valgrind: skip the boost_thread test on arm

vim: upgrade to 9.0.1211

webkitgtk: upgrade to 2.36.8

xserver-xorg: upgrade to 21.1.6

xwayland: libxshmfence is needed when dri3 is enabled

xwayland: upgrade to 22.1.7

yocto-check-layer: Allow OE-Core to be tested