OVAL

SUSE-SU-2018:2690-1 -- SLES libzypp, zypper, libsolv, python-solv

ID: oval:org.secpod.oval:def:89049758
Date: (C)2023-11-14   (M)2023-11-13
Class: PATCH
Family: unix




This update for libzypp, zypper, libsolv provides the following fixes:

Security fixes in libzypp:
- CVE-2018-7685: PackageProvider: Validate RPMs before caching
- CVE-2017-9269: Be sure bad packages do not stay in the cache

Changes in libzypp:
- Update to version 17.6.4
- Automatically fetch repository signing key from gpgkey url
- lsof: use "-K i" if lsof supports it
- Check for not imported keys after multi key import from rpmdb
- Flags: make it std=c++14 ready
- Ignore /var, /tmp and /proc in zypper ps.
- Show GPGME version in log
- Adapt to changes in libgpgme11-11.1.0 breaking the signature verification
- RepoInfo::provideKey: add report telling where we look for missing keys.
- Support listing gpgkey URLs in repo files
- Add new report to request user approval for importing a package key
- Handle http error 502 Bad Gateway in curl backend
- Add filesize check for downloads with known size
- Removed superfluous space in translation
- Prevent the system from sleeping during a commit
- RepoManager: Explicitly request repo2solv to generate application pseudo packages.
- libzypp-devel should not require cmake
- Avoid zombies from ExternalProgram
- Update ApiConfig
- HardLocksFile: Prevent against empty commit without Target having been loaded
- lsof: use "-K i" if lsof supports it
- Add filesize check for downloads with known size
- Fix detection of metalink downloads and prevent aborting if a metalink file is larger than the expected data file.
- Require libsolv-devel >= 0.6.35 during build
- Make use of %license macro

Security fix in zypper:
- CVE-2017-9269: Improve signature check callback messages

Changes in zypper:
- Always set error status if any nr of unknown repositories are passed to lr and ref
- Notify user about unsupported rpm V3 keys in an old rpm database
- Detect read only filesystem on system modifying operations
- Use %license
- Handle repo aliases containing multiple ":" in the PackageArgs parser
- Fix broken display of detailed query results.
- Fix broken search for items with a dash.
- Disable repository operations when searching installed packages.
- Prevent nested calls to exit if aborted by a signal.
- ansi.h: Prevent ESC sequence strings from going out of scope.
- Fix some translation errors.
- Support listing gpgkey URLs in repo files
- Check for root privileges in zypper verify and si
- XML <install-summary> attribute `packages-to-change` added
- Add expert options to all installer commands
- Sort search results by multiple columns
- man: Strengthen that `--config FILE` affects zypper.conf, not zypp.conf
- Set error status if repositories passed to lr and ref are not known
- Do not override table style in search
- Fix out of bound read in MbsIterator
- Add --supplements switch to search and info
- Add setter functions for zypp cache related config values to ZConfig

Changes in libsolv:
- convert repo2solv.sh script into a binary tool
- Make use of %license macro

Platform:
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Desktop 15
Product:
libzypp
zypper
libsolv
python-solv
Reference:
SUSE-SU-2018:2690-1
CVE-2017-9269
CVE-2018-7685
CPE    5
cpe:/a:opensuse:zypper
cpe:/a:opensuse:libsolv
cpe:/o:suse:suse_linux_enterprise_server:15
cpe:/a:opensuse:libzypp
...

© SecPod Technologies