From 256ccae9cf84349bb16308ada8995a665ab5634c Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Tue, 26 May 2020 21:14:44 +0000 Subject: [PATCH] Accepting request 809080 from home:mcepl:branches:systemsmanagement - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183 --- CVE-2020-1733_avoid_mkdir_p.patch | 54 ++++++ ansible-rpmlintrc | 8 +- ansible.changes | 59 +++++-- ansible.spec | 262 ++++++++++++++---------------- 4 files changed, 231 insertions(+), 152 deletions(-) create mode 100644 CVE-2020-1733_avoid_mkdir_p.patch diff --git a/CVE-2020-1733_avoid_mkdir_p.patch b/CVE-2020-1733_avoid_mkdir_p.patch new file mode 100644 index 0000000..3bd138d --- /dev/null +++ b/CVE-2020-1733_avoid_mkdir_p.patch @@ -0,0 +1,54 @@ +From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001 +From: Brian Coca +Date: Mon, 13 Apr 2020 17:16:29 -0400 +Subject: [PATCH 1/4] avoid mkdir -p (#68921) + +* also consolidated temp dir name generation, added pid for more 'uniqness' +* generalize error message +* added notes about remote expansion + +CVE-2020-1733 +fixes #67791 + +(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63) +--- + changelogs/fragments/remote_mkdir_fix.yml | 2 ++ + lib/ansible/plugins/action/__init__.py | 11 ++++++++--- + lib/ansible/plugins/shell/__init__.py | 14 ++++++++++---- + lib/ansible/plugins/shell/powershell.py | 2 ++ + 4 files changed, 22 insertions(+), 7 deletions(-) + create mode 100644 changelogs/fragments/remote_mkdir_fix.yml + +--- /dev/null ++++ b/changelogs/fragments/remote_mkdir_fix.yml +@@ -0,0 +1,2 @@ ++bugfixes: ++ - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733 +--- a/lib/ansible/plugins/action/__init__.py ++++ b/lib/ansible/plugins/action/__init__.py +@@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta, + else: + # NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which + # we need for 'non posix' systems like cloud-init and solaris +- tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False) ++ try: ++ tmpdir = self._connection._shell.get_option('remote_tmp') ++ except AnsibleError: ++ tmpdir = '~/.ansible/tmp' ++ tmpdir = self._remote_expand_user(tmpdir, sudoable=False) + + become_unprivileged = self._is_become_unprivileged() + basefile = self._connection._shell._generate_temp_dir_name() +--- a/lib/ansible/plugins/shell/__init__.py ++++ b/lib/ansible/plugins/shell/__init__.py +@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin): + def _generate_temp_dir_name(): + return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48)) + ++ @staticmethod ++ def _generate_temp_dir_name(): ++ return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48)) ++ + def env_prefix(self, **kwargs): + return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()]) + diff --git a/ansible-rpmlintrc b/ansible-rpmlintrc index 98d130b..9e274d2 100644 --- a/ansible-rpmlintrc +++ b/ansible-rpmlintrc @@ -4,7 +4,7 @@ addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/module addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/(cli|galaxy|module_utils|plugins/action|runner|utils)/.*.py"); # no really a lib - ignore rpmlint for this package explicitely addFilter("explicit-lib-dependency python3-passlib"); -# standard files, needed for python -addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*"); -# same for the ansible-test sub-package -addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*"); +# # standard files, needed for python +# addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*"); +# # same for the ansible-test sub-package +# addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*"); diff --git a/ansible.changes b/ansible.changes index b982a77..e697cb6 100644 --- a/ansible.changes +++ b/ansible.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue May 26 13:02:10 UTC 2020 - Matej Cepl + +- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 + (bsc#1164140) +- Add metadata information to this file to mark which SUSE + bugzilla have been already fixed. + ------------------------------------------------------------------- Tue May 12 23:34:59 UTC 2020 - Michael Ströder @@ -15,16 +23,30 @@ Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder - update to version 2.9.7 with many bug fixes, especially for these security issues: - * CVE-2020-1733 - insecure temporary directory when running become_user from become directive - * CVE-2020-1735 - path injection on dest parameter in fetch module - * CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - * CVE-2020-1739 - svn module leaks password when specified as a parameter - * CVE-2020-1740 - secrets readable after ansible-vault edit - * CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - * CVE-2020-1753 - kubectl connection plugin leaks sensitive information [1] - * CVE-2020-10684 - code injection when using ansible_facts as a subkey - * CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - * CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] + - bsc#1164140 CVE-2020-1733 - insecure temporary directory when + running become_user from become directive + - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe + lookup plugin subprocess + - bsc#1164137 CVE-2020-1735 - path injection on dest parameter + in fetch module + - bsc#1164134 CVE-2020-1736 atomic_move primitive sets + permissive permissions + - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip + module does not check extracted path + - bsc#1164136 CVE-2020-1738 module package can be selected by + the ansible facts + - bsc#1164133 CVE-2020-1739 - svn module leaks password when + specified as a parameter + - bsc#1164135 CVE-2020-1740 - secrets readable after + ansible-vault edit + - bsc#1165393 CVE-2020-1746 - information disclosure issue in + ldap_attr and ldap_entry modules + - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks + sensitive information + - CVE-2020-10684 - code injection when using ansible_facts as a subkey + - bsc#1167440 CVE-2020-10685 - modules which use files + encrypted with vault are not properly cleaned up + - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] ------------------------------------------------------------------- Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6 @@ -36,7 +58,10 @@ Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6 ------------------------------------------------------------------- Thu Mar 5 08:23:57 UTC 2020 - Michael Ströder -- update to version 2.9.6 (maintenance release) +- update to version 2.9.6 (maintenance release) including + these security issues: + - bsc#1171162 CVE-2020-10729 two random password lookups in + same task return same value ------------------------------------------------------------------- Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder @@ -47,7 +72,12 @@ Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder Tue Jan 28 12:38:16 UTC 2020 - Michael Ströder - update to version 2.9.4 (maintenance release) - fix in yum module + - fix in yum module + - security fixes: + - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone + module via crafted solaris zone + - bsc#1157969 CVE-2019-14905 malicious code could craft + filename in nxos_file_copy module ------------------------------------------------------------------- Thu Jan 16 17:34:28 UTC 2020 - Michael Ströder @@ -131,6 +161,8 @@ Fri Nov 1 21:11:03 UTC 2019 - Johannes Kastl Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/ and also available online at https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst +- Fixed among other this security bug: + - bsc#1112959 CVE-2018-16837 Information leak in "user" module patch added ------------------------------------------------------------------- Sun Oct 27 14:15:53 UTC 2019 - lars@linux-schulserver.de @@ -169,6 +201,8 @@ Wed Aug 7 16:30:47 CEST 2019 - Matej Cepl - Update to version 2.8.3: Full changelog is packaged, but also at https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst + - (bsc#1137528) CVE-2019-10156: ansible: templating causing an + unexpected key file to be set on remote node - (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing CVE-2019-10206: ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could @@ -607,6 +641,7 @@ Sun Dec 16 00:20:24 UTC 2018 - Matthias Eliasson * dnf module properly load and initialize dnf package manager plugins * docker_swarm_service: use docker defaults for the user parameter if it is set to null Bugfixes: + * bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569) * ACME modules: improve error messages in some cases (include error returned by server). * Added unit test for VMware module_utils. * Also check stdout for interpreter errors for more intelligent messages to user diff --git a/ansible.spec b/ansible.spec index c762fb5..c3c13ac 100644 --- a/ansible.spec +++ b/ansible.spec @@ -1,9 +1,7 @@ # # spec file for package ansible # -# Copyright (c) 2019 SUSE LLC -# Copyright 2013 by Lars Vogdt -# Copyright 2014 by Boris Manojlovic +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,8 +15,7 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -# Disable shebang munging for specific paths. These files are data files. -# ansible-test munges the shebangs itself. + %global __brp_mangle_shebangs_exclude_from %{_prefix}/lib/python[0-9]+\.[0-9]+/site-packages/ansible_test/_data/.* %if 0%{?rhel} || 0%{?fedora} # RHEL and Fedora add -s to the shebang line. We do *not* use -s -E -S or -I @@ -30,42 +27,18 @@ %define py2_shbang_opts %{nil} %define py3_shbang_opts %{nil} %endif - # While Windows Powershell meanwhile exists, it is not in Factory/Leap for now. # So let's exclude /usr/bin/pwsh from the dependencies %define __requires_exclude ^%{_bindir}/pwsh$ - # Python 2 or Python 3? %if 0%{?suse_version} >= 1315 %bcond_without python3 %else %bcond_with python3 %endif - -%if %{with python3} -%define __python python3 -%define python python3 -%else -%define python python -%endif - -# Disable/Enable tests only on newer distributions, which have the +# Disable/Enable tests only on newer distributions, which have the # needed dependencies. %define with_tests 0 - - -Name: ansible -Version: 2.9.9 -Release: 0 -Summary: SSH-based configuration management, deployment, and task execution system -License: GPL-3.0-or-later -Group: Development/Languages/Python -URL: https://ansible.com/ -Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz -Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha -Source99: ansible-rpmlintrc -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot -BuildArch: noarch # # Fedora # @@ -92,6 +65,74 @@ Provides: bundled(python-selectors2) = 1.1.1 Provides: bundled(python-six) = 1.12.0 %endif # +# RHEL +# +%if 0%{?rhel} +%if 0%{?rhel} >= 8 +%global with_python2 0 +%global with_python3 1 +BuildRequires: %{py3_dist coverage} +BuildRequires: git-core +BuildRequires: python3-PyYAML +BuildRequires: python3-cryptography +BuildRequires: python3-devel +BuildRequires: python3-docutils +BuildRequires: python3-jinja2 +BuildRequires: python3-mock +BuildRequires: python3-pytest +BuildRequires: python3-pytest-mock +BuildRequires: python3-pytest-xdist +BuildRequires: python3-requests +BuildRequires: python3-setuptools +BuildRequires: python3-six +BuildRequires: python3-systemd +Requires: python3-PyYAML +Requires: python3-cryptography +Requires: python3-jinja2 +Requires: python3-six +Requires: sshpass +%else +%if 0%{?rhel} >= 7 +%global with_python2 1 +%global with_python3 0 +BuildRequires: PyYAML +BuildRequires: git +BuildRequires: pytest +BuildRequires: python-boto3 +BuildRequires: python-coverage +BuildRequires: python-jinja2 +BuildRequires: python-jmespath +BuildRequires: python-mock +BuildRequires: python-paramiko +BuildRequires: python-passlib +BuildRequires: python-requests +BuildRequires: python-setuptools +BuildRequires: python-six +BuildRequires: python-sphinx +BuildRequires: python2-cryptography +BuildRequires: python2-devel +Requires: PyYAML +Requires: python-jinja2 +Requires: python-paramiko +Requires: python-six +Requires: python2-cryptography +Requires: sshpass +%endif # Requires for RHEL 7 +%endif # Requires for RHEL 8 +# Bundled provides +Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1 +Provides: bundled(python-distro) = 1.4.0 +Provides: bundled(python-ipaddress) = 1.0.22 +Provides: bundled(python-selectors2) = 1.1.1 +Provides: bundled(python-six) = 1.12.0 +%endif +%if %{with python3} +%define __python python3 +%define python python3 +%else +%define python python +%endif +# # SUSE/openSUSE # %if 0%{?suse_version} @@ -105,7 +146,7 @@ Provides: bundled(python-six) = 1.12.0 # disable building extensive docs per default: %define with_docs 0 # Distribution version dependend stuff -%if 0%{?suse_version} >= 1500 +%if 0%{?suse_version} >= 1500 # Enable VMWare support for newer openSUSE distributions here # otherwise disable this by setting the value below to 0 %define with_vmware 1 @@ -117,6 +158,35 @@ Provides: bundled(python-six) = 1.12.0 %define with_vmware 0 %define with_tests 0 %endif +%if ! %{with python3} +Requires: %{python}-xml +%endif +%if 0%{?with_amazon} +BuildRequires: %{python}-boto3 +BuildRequires: %{python}-botocore +%endif +%if 0%{?with_gitlab} +BuildRequires: %{python}-gitlab +BuildRequires: %{python}-httmock +Recommends: %{python}-gitlab +Recommends: %{python}-httmock +%endif +%if 0%{?with_tests} +BuildRequires: %{python}-pbkdf2 +BuildRequires: %{python}-pytest +BuildRequires: %{python}-python-memcached +BuildRequires: %{python}-redis +BuildRequires: %{python}-requests +%endif +%if 0%{?with_vmware} +BuildRequires: %{python}-pyvmomi +Recommends: %{python}-pyvmomi +%endif +%if 0%{?with_winrm} +BuildRequires: %{python}-pexpect +BuildRequires: %{python}-pywinrm +Recommends: %{python}-pywinrm +%endif BuildRequires: %{python}-Jinja2 BuildRequires: %{python}-PyYAML BuildRequires: %{python}-coverage @@ -135,112 +205,34 @@ Requires: %{python}-paramiko Requires: %{python}-passlib Requires: %{python}-pycrypto >= 2.6 Requires: %{python}-setuptools > 0.6 -%if ! %{with python3} -Requires: %{python}-xml -%endif Recommends: %{python}-boto3 Recommends: %{python}-botocore Recommends: %{python}-dnspython Recommends: %{python}-dopy Recommends: %{python}-httplib2 Recommends: %{python}-keyczar -Recommends: %{python}-python-memcached Recommends: %{python}-pbkdf2 +Recommends: %{python}-python-memcached Recommends: %{python}-pywinrm Recommends: %{python}-redis Recommends: %{python}-requests Recommends: %{python}-six Recommends: sshpass -%if 0%{?with_amazon} -BuildRequires: %{python}-boto3 -BuildRequires: %{python}-botocore %endif -%if 0%{?with_gitlab} -BuildRequires: %{python}-gitlab -BuildRequires: %{python}-httmock -Recommends: %{python}-gitlab -Recommends: %{python}-httmock -%endif -%if 0%{?with_tests} -BuildRequires: %{python}-python-memcached -BuildRequires: %{python}-pbkdf2 -BuildRequires: %{python}-pytest -BuildRequires: %{python}-redis -BuildRequires: %{python}-requests -%endif -%if 0%{?with_vmware} -BuildRequires: %{python}-pyvmomi -Recommends: %{python}-pyvmomi -%endif -%if 0%{?with_winrm} -BuildRequires: %{python}-pywinrm -BuildRequires: %{python}-pexpect -Recommends: %{python}-pywinrm -%endif -%endif -# -# RHEL -# -%if 0%{?rhel} -# Bundled provides -Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1 -Provides: bundled(python-distro) = 1.4.0 -Provides: bundled(python-ipaddress) = 1.0.22 -Provides: bundled(python-selectors2) = 1.1.1 -Provides: bundled(python-six) = 1.12.0 -%if 0%{?rhel} >= 8 -%global with_python2 0 -%global with_python3 1 -BuildRequires: python3-devel -BuildRequires: python3-setuptools -BuildRequires: python3-docutils -BuildRequires: python3-jinja2 -BuildRequires: python3-PyYAML -BuildRequires: python3-cryptography -BuildRequires: python3-six -BuildRequires: python3-pytest -BuildRequires: python3-pytest-xdist -BuildRequires: python3-pytest-mock -BuildRequires: python3-requests -BUildRequires: %{py3_dist coverage} -BuildRequires: python3-mock -BuildRequires: python3-systemd -BuildRequires: git-core -Requires: python3-jinja2 -Requires: python3-PyYAML -Requires: python3-cryptography -Requires: python3-six -Requires: sshpass -%else -%if 0%{?rhel} >= 7 -%global with_python2 1 -%global with_python3 0 -BuildRequires: python2-devel -BuildRequires: python-setuptools -BuildRequires: python-sphinx -BuildRequires: python-jinja2 -BuildRequires: PyYAML -BuildRequires: python2-cryptography -BuildRequires: python-six -BuildRequires: pytest -BuildRequires: python-requests -BuildRequires: python-coverage -BuildRequires: python-mock -BuildRequires: python-boto3 -BuildRequires: git -BuildRequires: python-paramiko -BuildRequires: python-jmespath -BuildRequires: python-passlib -Requires: python-jinja2 -Requires: PyYAML -Requires: python2-cryptography -Requires: python-six -Requires: sshpass -Requires: python-paramiko -%endif # Requires for RHEL 7 -%endif # Requires for RHEL 8 -%endif - +Name: ansible +Version: 2.9.9 +Release: 0 +Summary: SSH-based configuration management, deployment, and task execution system +License: GPL-3.0-or-later +Group: Development/Languages/Python +URL: https://ansible.com/ +Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz +Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha +Source99: ansible-rpmlintrc +# PATCH-FIX-UPSTREAM CVE-2020-1733_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com +# gh#ansible/ansible#67791 avoid race condition and insecure directory creation +Patch0: CVE-2020-1733_avoid_mkdir_p.patch +BuildArch: noarch # extented documentation %if 0%{?with_docs} BuildRequires: asciidoc @@ -256,7 +248,6 @@ not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. - %package doc Summary: Documentation for Ansible Recommends: %{name} = %{version} @@ -270,7 +261,6 @@ not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. - %package test Summary: Tool for testing ansible plugin and module code Requires: %{name} = %{version} @@ -278,18 +268,17 @@ Requires: %{name} = %{version} # RHEL # %if 0%{?rhel} >= 7 -Requires: python-virtualenv BuildRequires: python-virtualenv +Requires: python-virtualenv %endif # # SUSE/openSUSE # %if 0%{?suse_version} >= 1500 -Requires: %{python}-virtualenv BuildRequires: %{python}-virtualenv +Requires: %{python}-virtualenv %endif - %description test This package installs the ansible-test command for testing modules and plugins developed for ansible. @@ -300,9 +289,10 @@ not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. - %prep %setup -q -n ansible-%{version} +%autopatch -p1 + for file in .git_keep .travis.yml ; do find . -name "$file" -delete done @@ -314,15 +304,15 @@ find ./ -type f -exec \ %build -%{__python} setup.py build +%{python} setup.py build %if 0%{?with_docs} - make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs + %make_build PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs %else - make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing + %make_build PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing %endif %install -%{__python} setup.py install --prefix=%{_prefix} --root=%{buildroot} +%{python} setup.py install --prefix=%{_prefix} --root=%{buildroot} mkdir -p %{buildroot}%{_sysconfdir}/ansible/ cp examples/hosts %{buildroot}%{_sysconfdir}/ansible/ @@ -370,7 +360,7 @@ for location in $DATADIR_LOCATIONS ; do done mkdir -p %{buildroot}%{_sysconfdir}/ansible/ mkdir -p %{buildroot}%{_sysconfdir}/ansible/roles/ -# fix for https://github.com/ansible/ansible/pull/24381 +# fix for https://github.com/ansible/ansible/pull/24381 # resp. https://bugzilla.opensuse.org/show_bug.cgi?id=1137479 mkdir -p %{buildroot}%{python3_sitelib}/ansible/galaxy/data/default/role/{files,templates} @@ -386,7 +376,7 @@ cp -pr docs/docsite/rst . %if 0%{?with_tests} && 0%{with python3} %check -%{__python3} bin/ansible-test units -v --python %{python3_version} +python3 bin/ansible-test units -v --python %{python3_version} %endif