This update for libzypp, zypper provides the following fixes: Update libzypp to version 16.17.20 Security issues fixed: - PackageProvider: Validate delta rpms before caching - PackageProvider: Validate downloaded rpm package signatures before caching Other bugs fixed: - lsof: use "-K i" if lsof supports it - Handle http error 502 Bad Gateway in curl backend - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake - HardLocksFile: Prevent against empty commit without Target having been been loaded - Avoid zombie tar processes Update to zypper to version 1.13.45 Security issue fixed: - Improve signature check callback messages - add/modify repo: Add options to tune the GPG check settings Other bugs fixed: - XML lt;install-summarygt; attribute `packages-to-change` added - man: Strengthen that `--config FILE" affects zypper.conf, not zypp.conf - Prevent nested calls to exit if aborted by a signal - ansi.h: Prevent ESC sequence strings from going out of scope - Fix: zypper bash completion expands non-existing options - do not recommend cron - Improve signature check callback messages - add/modify repo: Add options to tune the GPG check settings