diff --git a/.files b/.files
index cacf205..bcd4c72 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 0102010..db7639d 100644
--- a/.rev
+++ b/.rev
@@ -739,4 +739,12 @@ numbers for further reference.
update to version 2.9.9 with fix for a regression introduced in 2.9.8
804063
+
+ 60923666cd094a86345d68dbd4bde299
+ 2.9.9
+
+ maxlin_factory
+
+ 809115
+
diff --git a/CVE-2020-1733_avoid_mkdir_p.patch b/CVE-2020-1733_avoid_mkdir_p.patch
new file mode 100644
index 0000000..3bd138d
--- /dev/null
+++ b/CVE-2020-1733_avoid_mkdir_p.patch
@@ -0,0 +1,54 @@
+From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001
+From: Brian Coca
+Date: Mon, 13 Apr 2020 17:16:29 -0400
+Subject: [PATCH 1/4] avoid mkdir -p (#68921)
+
+* also consolidated temp dir name generation, added pid for more 'uniqness'
+* generalize error message
+* added notes about remote expansion
+
+CVE-2020-1733
+fixes #67791
+
+(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63)
+---
+ changelogs/fragments/remote_mkdir_fix.yml | 2 ++
+ lib/ansible/plugins/action/__init__.py | 11 ++++++++---
+ lib/ansible/plugins/shell/__init__.py | 14 ++++++++++----
+ lib/ansible/plugins/shell/powershell.py | 2 ++
+ 4 files changed, 22 insertions(+), 7 deletions(-)
+ create mode 100644 changelogs/fragments/remote_mkdir_fix.yml
+
+--- /dev/null
++++ b/changelogs/fragments/remote_mkdir_fix.yml
+@@ -0,0 +1,2 @@
++bugfixes:
++ - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733
+--- a/lib/ansible/plugins/action/__init__.py
++++ b/lib/ansible/plugins/action/__init__.py
+@@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta,
+ else:
+ # NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which
+ # we need for 'non posix' systems like cloud-init and solaris
+- tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False)
++ try:
++ tmpdir = self._connection._shell.get_option('remote_tmp')
++ except AnsibleError:
++ tmpdir = '~/.ansible/tmp'
++ tmpdir = self._remote_expand_user(tmpdir, sudoable=False)
+
+ become_unprivileged = self._is_become_unprivileged()
+ basefile = self._connection._shell._generate_temp_dir_name()
+--- a/lib/ansible/plugins/shell/__init__.py
++++ b/lib/ansible/plugins/shell/__init__.py
+@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin):
+ def _generate_temp_dir_name():
+ return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
+
++ @staticmethod
++ def _generate_temp_dir_name():
++ return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
++
+ def env_prefix(self, **kwargs):
+ return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])
+
diff --git a/ansible-rpmlintrc b/ansible-rpmlintrc
index 98d130b..9e274d2 100644
--- a/ansible-rpmlintrc
+++ b/ansible-rpmlintrc
@@ -4,7 +4,7 @@ addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/module
addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/(cli|galaxy|module_utils|plugins/action|runner|utils)/.*.py");
# no really a lib - ignore rpmlint for this package explicitely
addFilter("explicit-lib-dependency python3-passlib");
-# standard files, needed for python
-addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*");
-# same for the ansible-test sub-package
-addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*");
+# # standard files, needed for python
+# addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*");
+# # same for the ansible-test sub-package
+# addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*");
diff --git a/ansible.changes b/ansible.changes
index b982a77..e697cb6 100644
--- a/ansible.changes
+++ b/ansible.changes
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue May 26 13:02:10 UTC 2020 - Matej Cepl
+
+- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733
+ (bsc#1164140)
+- Add metadata information to this file to mark which SUSE
+ bugzilla have been already fixed.
+
+-------------------------------------------------------------------
Tue May 12 23:34:59 UTC 2020 - Michael Ströder
- update to version 2.9.9
@@ -15,16 +23,30 @@ Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder
- update to version 2.9.7 with many bug fixes,
especially for these security issues:
- * CVE-2020-1733 - insecure temporary directory when running become_user from become directive
- * CVE-2020-1735 - path injection on dest parameter in fetch module
- * CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path
- * CVE-2020-1739 - svn module leaks password when specified as a parameter
- * CVE-2020-1740 - secrets readable after ansible-vault edit
- * CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules
- * CVE-2020-1753 - kubectl connection plugin leaks sensitive information [1]
- * CVE-2020-10684 - code injection when using ansible_facts as a subkey
- * CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up
- * CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
+ - bsc#1164140 CVE-2020-1733 - insecure temporary directory when
+ running become_user from become directive
+ - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
+ lookup plugin subprocess
+ - bsc#1164137 CVE-2020-1735 - path injection on dest parameter
+ in fetch module
+ - bsc#1164134 CVE-2020-1736 atomic_move primitive sets
+ permissive permissions
+ - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
+ module does not check extracted path
+ - bsc#1164136 CVE-2020-1738 module package can be selected by
+ the ansible facts
+ - bsc#1164133 CVE-2020-1739 - svn module leaks password when
+ specified as a parameter
+ - bsc#1164135 CVE-2020-1740 - secrets readable after
+ ansible-vault edit
+ - bsc#1165393 CVE-2020-1746 - information disclosure issue in
+ ldap_attr and ldap_entry modules
+ - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
+ sensitive information
+ - CVE-2020-10684 - code injection when using ansible_facts as a subkey
+ - bsc#1167440 CVE-2020-10685 - modules which use files
+ encrypted with vault are not properly cleaned up
+ - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
-------------------------------------------------------------------
Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6
@@ -36,7 +58,10 @@ Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6
-------------------------------------------------------------------
Thu Mar 5 08:23:57 UTC 2020 - Michael Ströder
-- update to version 2.9.6 (maintenance release)
+- update to version 2.9.6 (maintenance release) including
+ these security issues:
+ - bsc#1171162 CVE-2020-10729 two random password lookups in
+ same task return same value
-------------------------------------------------------------------
Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder
@@ -47,7 +72,12 @@ Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder
Tue Jan 28 12:38:16 UTC 2020 - Michael Ströder
- update to version 2.9.4 (maintenance release)
- fix in yum module
+ - fix in yum module
+ - security fixes:
+ - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone
+ module via crafted solaris zone
+ - bsc#1157969 CVE-2019-14905 malicious code could craft
+ filename in nxos_file_copy module
-------------------------------------------------------------------
Thu Jan 16 17:34:28 UTC 2020 - Michael Ströder
@@ -131,6 +161,8 @@ Fri Nov 1 21:11:03 UTC 2019 - Johannes Kastl
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
and also available online at
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
+- Fixed among other this security bug:
+ - bsc#1112959 CVE-2018-16837 Information leak in "user" module patch added
-------------------------------------------------------------------
Sun Oct 27 14:15:53 UTC 2019 - lars@linux-schulserver.de
@@ -169,6 +201,8 @@ Wed Aug 7 16:30:47 CEST 2019 - Matej Cepl
- Update to version 2.8.3:
Full changelog is packaged, but also at
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
+ - (bsc#1137528) CVE-2019-10156: ansible: templating causing an
+ unexpected key file to be set on remote node
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
CVE-2019-10206: ansible-playbook -k and ansible cli tools
prompt passwords by expanding them from templates as they could
@@ -607,6 +641,7 @@ Sun Dec 16 00:20:24 UTC 2018 - Matthias Eliasson
* dnf module properly load and initialize dnf package manager plugins
* docker_swarm_service: use docker defaults for the user parameter if it is set to null
Bugfixes:
+ * bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569)
* ACME modules: improve error messages in some cases (include error returned by server).
* Added unit test for VMware module_utils.
* Also check stdout for interpreter errors for more intelligent messages to user
diff --git a/ansible.spec b/ansible.spec
index c762fb5..c3c13ac 100644
--- a/ansible.spec
+++ b/ansible.spec
@@ -1,9 +1,7 @@
#
# spec file for package ansible
#
-# Copyright (c) 2019 SUSE LLC
-# Copyright 2013 by Lars Vogdt
-# Copyright 2014 by Boris Manojlovic
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +15,7 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
-# Disable shebang munging for specific paths. These files are data files.
-# ansible-test munges the shebangs itself.
+
%global __brp_mangle_shebangs_exclude_from %{_prefix}/lib/python[0-9]+\.[0-9]+/site-packages/ansible_test/_data/.*
%if 0%{?rhel} || 0%{?fedora}
# RHEL and Fedora add -s to the shebang line. We do *not* use -s -E -S or -I
@@ -30,42 +27,18 @@
%define py2_shbang_opts %{nil}
%define py3_shbang_opts %{nil}
%endif
-
# While Windows Powershell meanwhile exists, it is not in Factory/Leap for now.
# So let's exclude /usr/bin/pwsh from the dependencies
%define __requires_exclude ^%{_bindir}/pwsh$
-
# Python 2 or Python 3?
%if 0%{?suse_version} >= 1315
%bcond_without python3
%else
%bcond_with python3
%endif
-
-%if %{with python3}
-%define __python python3
-%define python python3
-%else
-%define python python
-%endif
-
-# Disable/Enable tests only on newer distributions, which have the
+# Disable/Enable tests only on newer distributions, which have the
# needed dependencies.
%define with_tests 0
-
-
-Name: ansible
-Version: 2.9.9
-Release: 0
-Summary: SSH-based configuration management, deployment, and task execution system
-License: GPL-3.0-or-later
-Group: Development/Languages/Python
-URL: https://ansible.com/
-Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
-Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
-Source99: ansible-rpmlintrc
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
-BuildArch: noarch
#
# Fedora
#
@@ -92,6 +65,74 @@ Provides: bundled(python-selectors2) = 1.1.1
Provides: bundled(python-six) = 1.12.0
%endif
#
+# RHEL
+#
+%if 0%{?rhel}
+%if 0%{?rhel} >= 8
+%global with_python2 0
+%global with_python3 1
+BuildRequires: %{py3_dist coverage}
+BuildRequires: git-core
+BuildRequires: python3-PyYAML
+BuildRequires: python3-cryptography
+BuildRequires: python3-devel
+BuildRequires: python3-docutils
+BuildRequires: python3-jinja2
+BuildRequires: python3-mock
+BuildRequires: python3-pytest
+BuildRequires: python3-pytest-mock
+BuildRequires: python3-pytest-xdist
+BuildRequires: python3-requests
+BuildRequires: python3-setuptools
+BuildRequires: python3-six
+BuildRequires: python3-systemd
+Requires: python3-PyYAML
+Requires: python3-cryptography
+Requires: python3-jinja2
+Requires: python3-six
+Requires: sshpass
+%else
+%if 0%{?rhel} >= 7
+%global with_python2 1
+%global with_python3 0
+BuildRequires: PyYAML
+BuildRequires: git
+BuildRequires: pytest
+BuildRequires: python-boto3
+BuildRequires: python-coverage
+BuildRequires: python-jinja2
+BuildRequires: python-jmespath
+BuildRequires: python-mock
+BuildRequires: python-paramiko
+BuildRequires: python-passlib
+BuildRequires: python-requests
+BuildRequires: python-setuptools
+BuildRequires: python-six
+BuildRequires: python-sphinx
+BuildRequires: python2-cryptography
+BuildRequires: python2-devel
+Requires: PyYAML
+Requires: python-jinja2
+Requires: python-paramiko
+Requires: python-six
+Requires: python2-cryptography
+Requires: sshpass
+%endif # Requires for RHEL 7
+%endif # Requires for RHEL 8
+# Bundled provides
+Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1
+Provides: bundled(python-distro) = 1.4.0
+Provides: bundled(python-ipaddress) = 1.0.22
+Provides: bundled(python-selectors2) = 1.1.1
+Provides: bundled(python-six) = 1.12.0
+%endif
+%if %{with python3}
+%define __python python3
+%define python python3
+%else
+%define python python
+%endif
+#
# SUSE/openSUSE
#
%if 0%{?suse_version}
@@ -105,7 +146,7 @@ Provides: bundled(python-six) = 1.12.0
# disable building extensive docs per default:
%define with_docs 0
# Distribution version dependend stuff
-%if 0%{?suse_version} >= 1500
+%if 0%{?suse_version} >= 1500
# Enable VMWare support for newer openSUSE distributions here
# otherwise disable this by setting the value below to 0
%define with_vmware 1
@@ -117,6 +158,35 @@ Provides: bundled(python-six) = 1.12.0
%define with_vmware 0
%define with_tests 0
%endif
+%if ! %{with python3}
+Requires: %{python}-xml
+%endif
+%if 0%{?with_amazon}
+BuildRequires: %{python}-boto3
+BuildRequires: %{python}-botocore
+%endif
+%if 0%{?with_gitlab}
+BuildRequires: %{python}-gitlab
+BuildRequires: %{python}-httmock
+Recommends: %{python}-gitlab
+Recommends: %{python}-httmock
+%endif
+%if 0%{?with_tests}
+BuildRequires: %{python}-pbkdf2
+BuildRequires: %{python}-pytest
+BuildRequires: %{python}-python-memcached
+BuildRequires: %{python}-redis
+BuildRequires: %{python}-requests
+%endif
+%if 0%{?with_vmware}
+BuildRequires: %{python}-pyvmomi
+Recommends: %{python}-pyvmomi
+%endif
+%if 0%{?with_winrm}
+BuildRequires: %{python}-pexpect
+BuildRequires: %{python}-pywinrm
+Recommends: %{python}-pywinrm
+%endif
BuildRequires: %{python}-Jinja2
BuildRequires: %{python}-PyYAML
BuildRequires: %{python}-coverage
@@ -135,112 +205,34 @@ Requires: %{python}-paramiko
Requires: %{python}-passlib
Requires: %{python}-pycrypto >= 2.6
Requires: %{python}-setuptools > 0.6
-%if ! %{with python3}
-Requires: %{python}-xml
-%endif
Recommends: %{python}-boto3
Recommends: %{python}-botocore
Recommends: %{python}-dnspython
Recommends: %{python}-dopy
Recommends: %{python}-httplib2
Recommends: %{python}-keyczar
-Recommends: %{python}-python-memcached
Recommends: %{python}-pbkdf2
+Recommends: %{python}-python-memcached
Recommends: %{python}-pywinrm
Recommends: %{python}-redis
Recommends: %{python}-requests
Recommends: %{python}-six
Recommends: sshpass
-%if 0%{?with_amazon}
-BuildRequires: %{python}-boto3
-BuildRequires: %{python}-botocore
-%endif
-%if 0%{?with_gitlab}
-BuildRequires: %{python}-gitlab
-BuildRequires: %{python}-httmock
-Recommends: %{python}-gitlab
-Recommends: %{python}-httmock
%endif
-%if 0%{?with_tests}
-BuildRequires: %{python}-python-memcached
-BuildRequires: %{python}-pbkdf2
-BuildRequires: %{python}-pytest
-BuildRequires: %{python}-redis
-BuildRequires: %{python}-requests
-%endif
-%if 0%{?with_vmware}
-BuildRequires: %{python}-pyvmomi
-Recommends: %{python}-pyvmomi
-%endif
-%if 0%{?with_winrm}
-BuildRequires: %{python}-pywinrm
-BuildRequires: %{python}-pexpect
-Recommends: %{python}-pywinrm
-%endif
-%endif
-#
-# RHEL
-#
-%if 0%{?rhel}
-# Bundled provides
-Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1
-Provides: bundled(python-distro) = 1.4.0
-Provides: bundled(python-ipaddress) = 1.0.22
-Provides: bundled(python-selectors2) = 1.1.1
-Provides: bundled(python-six) = 1.12.0
-%if 0%{?rhel} >= 8
-%global with_python2 0
-%global with_python3 1
-BuildRequires: python3-devel
-BuildRequires: python3-setuptools
-BuildRequires: python3-docutils
-BuildRequires: python3-jinja2
-BuildRequires: python3-PyYAML
-BuildRequires: python3-cryptography
-BuildRequires: python3-six
-BuildRequires: python3-pytest
-BuildRequires: python3-pytest-xdist
-BuildRequires: python3-pytest-mock
-BuildRequires: python3-requests
-BUildRequires: %{py3_dist coverage}
-BuildRequires: python3-mock
-BuildRequires: python3-systemd
-BuildRequires: git-core
-Requires: python3-jinja2
-Requires: python3-PyYAML
-Requires: python3-cryptography
-Requires: python3-six
-Requires: sshpass
-%else
-%if 0%{?rhel} >= 7
-%global with_python2 1
-%global with_python3 0
-BuildRequires: python2-devel
-BuildRequires: python-setuptools
-BuildRequires: python-sphinx
-BuildRequires: python-jinja2
-BuildRequires: PyYAML
-BuildRequires: python2-cryptography
-BuildRequires: python-six
-BuildRequires: pytest
-BuildRequires: python-requests
-BuildRequires: python-coverage
-BuildRequires: python-mock
-BuildRequires: python-boto3
-BuildRequires: git
-BuildRequires: python-paramiko
-BuildRequires: python-jmespath
-BuildRequires: python-passlib
-Requires: python-jinja2
-Requires: PyYAML
-Requires: python2-cryptography
-Requires: python-six
-Requires: sshpass
-Requires: python-paramiko
-%endif # Requires for RHEL 7
-%endif # Requires for RHEL 8
-%endif
-
+Name: ansible
+Version: 2.9.9
+Release: 0
+Summary: SSH-based configuration management, deployment, and task execution system
+License: GPL-3.0-or-later
+Group: Development/Languages/Python
+URL: https://ansible.com/
+Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
+Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
+Source99: ansible-rpmlintrc
+# PATCH-FIX-UPSTREAM CVE-2020-1733_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com
+# gh#ansible/ansible#67791 avoid race condition and insecure directory creation
+Patch0: CVE-2020-1733_avoid_mkdir_p.patch
+BuildArch: noarch
# extented documentation
%if 0%{?with_docs}
BuildRequires: asciidoc
@@ -256,7 +248,6 @@ not require any software or daemons to be installed on remote nodes. Extension
modules can be written in any language and are transferred to managed machines
automatically.
-
%package doc
Summary: Documentation for Ansible
Recommends: %{name} = %{version}
@@ -270,7 +261,6 @@ not require any software or daemons to be installed on remote nodes. Extension
modules can be written in any language and are transferred to managed machines
automatically.
-
%package test
Summary: Tool for testing ansible plugin and module code
Requires: %{name} = %{version}
@@ -278,18 +268,17 @@ Requires: %{name} = %{version}
# RHEL
#
%if 0%{?rhel} >= 7
-Requires: python-virtualenv
BuildRequires: python-virtualenv
+Requires: python-virtualenv
%endif
#
# SUSE/openSUSE
#
%if 0%{?suse_version} >= 1500
-Requires: %{python}-virtualenv
BuildRequires: %{python}-virtualenv
+Requires: %{python}-virtualenv
%endif
-
%description test
This package installs the ansible-test command for testing modules and plugins
developed for ansible.
@@ -300,9 +289,10 @@ not require any software or daemons to be installed on remote nodes. Extension
modules can be written in any language and are transferred to managed machines
automatically.
-
%prep
%setup -q -n ansible-%{version}
+%autopatch -p1
+
for file in .git_keep .travis.yml ; do
find . -name "$file" -delete
done
@@ -314,15 +304,15 @@ find ./ -type f -exec \
%build
-%{__python} setup.py build
+%{python} setup.py build
%if 0%{?with_docs}
- make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs
+ %make_build PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs
%else
- make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing
+ %make_build PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing
%endif
%install
-%{__python} setup.py install --prefix=%{_prefix} --root=%{buildroot}
+%{python} setup.py install --prefix=%{_prefix} --root=%{buildroot}
mkdir -p %{buildroot}%{_sysconfdir}/ansible/
cp examples/hosts %{buildroot}%{_sysconfdir}/ansible/
@@ -370,7 +360,7 @@ for location in $DATADIR_LOCATIONS ; do
done
mkdir -p %{buildroot}%{_sysconfdir}/ansible/
mkdir -p %{buildroot}%{_sysconfdir}/ansible/roles/
-# fix for https://github.com/ansible/ansible/pull/24381
+# fix for https://github.com/ansible/ansible/pull/24381
# resp. https://bugzilla.opensuse.org/show_bug.cgi?id=1137479
mkdir -p %{buildroot}%{python3_sitelib}/ansible/galaxy/data/default/role/{files,templates}
@@ -386,7 +376,7 @@ cp -pr docs/docsite/rst .
%if 0%{?with_tests} && 0%{with python3}
%check
-%{__python3} bin/ansible-test units -v --python %{python3_version}
+python3 bin/ansible-test units -v --python %{python3_version}
%endif