[Bug 2116293] [NEW] Python virtual environments broken by 3.13.3-1ubuntu0.2

Adam Benda 2116293 at bugs.launchpad.net
Wed Jul 9 21:37:52 UTC 2025 

Public bug reported:

### Summary

Security update to 3.13.3-1ubuntu0.2 breaks existing Python virtual environments with 
AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'

The patch responsible is
https://git.launchpad.net/ubuntu/+source/python3.13/commit/?id=2c1a1a44fdc4afc66a76fa31913b8bc291d090f2


### Version info
 * Package: python3.13
 * Version: 3.13.3-1ubuntu0.2
 * Ubuntu Version: 25.04 Plucky
 * Architecture: amd64

### Description

The security update to python3 introduced a new constant os.path.ALLOW_MISSING that is used by the standard library module tarfile.py. However, existing Python virtual environments created before this update still use the old Python executable that doesn't know about this constant, while the system's standard library (which venvs share) expects it to exist.
This breaks any Python virtual environment that uses tarfile functionality, including tools like Poetry when installing packages.

### Steps to Reproduce

 * Create a Python virtual environment with python3.13 before the security update
 * Update the system python3.13 package to 3.13.3-1ubuntu0.2
 * Try to use tarfile with data filter in the existing virtual environment:

`~/.local/share/pypoetry/venv/bin/python`

```python
import tarfile
import tempfile
import os

# Create a temporary directory and file
tmpdir = tempfile.TemporaryDirectory()

test_file = os.path.join(tmpdir.name, "test.txt")
with open(test_file, "w") as f:
    f.write("Hello, world!")

# Create a tar archive
tar_path = os.path.join(tmpdir.name, "test.tar")
with tarfile.open(tar_path, "w") as tar:
    tar.add(test_file, arcname="test.txt")

# Try to extract with data filter (this should trigger the bug)
extract_dir = os.path.join(tmpdir.name, "extracted")
os.makedirs(extract_dir)

with tarfile.open(tar_path, "r") as tar:
    tar.extractall(extract_dir, filter="data") # AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'
    print("No error occurred")
```

### Error Message

`AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'`

### Traceback
File "/usr/lib/python3.13/tarfile.py", line 773, in _get_filtered_attrs
    dest_path = os.path.realpath(dest_path, strict=os.path.ALLOW_MISSING)
AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'


### Expected Behavior
 * Security updates should not break existing virtual environments
 * The 3.13.3 python3 interpreter should keep the compatibility with 3.13.3 stdlib
 * Tools such as Poetry or venv do most likely depend on the sys.version_info that was kept the same


### References
 * Reported as https://github.com/python-poetry/poetry/issues/10460

** Affects: python3.13 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.13 in Ubuntu.
https://bugs.launchpad.net/bugs/2116293

Title:
  Python virtual environments broken by 3.13.3-1ubuntu0.2

Status in python3.13 package in Ubuntu:
  New

Bug description:
  ### Summary

  Security update to 3.13.3-1ubuntu0.2 breaks existing Python virtual environments with 
  AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'

  The patch responsible is
  https://git.launchpad.net/ubuntu/+source/python3.13/commit/?id=2c1a1a44fdc4afc66a76fa31913b8bc291d090f2

  
  ### Version info
   * Package: python3.13
   * Version: 3.13.3-1ubuntu0.2
   * Ubuntu Version: 25.04 Plucky
   * Architecture: amd64

  ### Description

  The security update to python3 introduced a new constant os.path.ALLOW_MISSING that is used by the standard library module tarfile.py. However, existing Python virtual environments created before this update still use the old Python executable that doesn't know about this constant, while the system's standard library (which venvs share) expects it to exist.
  This breaks any Python virtual environment that uses tarfile functionality, including tools like Poetry when installing packages.

  ### Steps to Reproduce

   * Create a Python virtual environment with python3.13 before the security update
   * Update the system python3.13 package to 3.13.3-1ubuntu0.2
   * Try to use tarfile with data filter in the existing virtual environment:

  `~/.local/share/pypoetry/venv/bin/python`

  ```python
  import tarfile
  import tempfile
  import os

  # Create a temporary directory and file
  tmpdir = tempfile.TemporaryDirectory()

  test_file = os.path.join(tmpdir.name, "test.txt")
  with open(test_file, "w") as f:
      f.write("Hello, world!")

  # Create a tar archive
  tar_path = os.path.join(tmpdir.name, "test.tar")
  with tarfile.open(tar_path, "w") as tar:
      tar.add(test_file, arcname="test.txt")

  # Try to extract with data filter (this should trigger the bug)
  extract_dir = os.path.join(tmpdir.name, "extracted")
  os.makedirs(extract_dir)

  with tarfile.open(tar_path, "r") as tar:
      tar.extractall(extract_dir, filter="data") # AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'
      print("No error occurred")
  ```

  ### Error Message

  `AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'`

  ### Traceback
  File "/usr/lib/python3.13/tarfile.py", line 773, in _get_filtered_attrs
      dest_path = os.path.realpath(dest_path, strict=os.path.ALLOW_MISSING)
  AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'

  
  ### Expected Behavior
   * Security updates should not break existing virtual environments
   * The 3.13.3 python3 interpreter should keep the compatibility with 3.13.3 stdlib
   * Tools such as Poetry or venv do most likely depend on the sys.version_info that was kept the same

  
  ### References
   * Reported as https://github.com/python-poetry/poetry/issues/10460

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.13/+bug/2116293/+subscriptions

More information about the foundations-bugs mailing list