[Bug 2116293] Re: Python virtual environments broken by 3.13.3-1ubuntu0.2

Utkarsh Gupta 2116293 at bugs.launchpad.net
Mon Jan 19 11:41:40 UTC 2026 

Ubuntu 25.04 (Plucky Puffin) has reached end of life, so this bug will
not be fixed for that specific release.

** Changed in: python3.13 (Ubuntu Plucky)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.13 in Ubuntu.
https://bugs.launchpad.net/bugs/2116293

Title:
  Python virtual environments broken by 3.13.3-1ubuntu0.2

Status in python3.13 package in Ubuntu:
  New
Status in python3.13 source package in Plucky:
  Won't Fix

Bug description:
  ### Summary

  Security update to 3.13.3-1ubuntu0.2 breaks existing Python virtual environments with 
  AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'

  The patch responsible is
  https://git.launchpad.net/ubuntu/+source/python3.13/commit/?id=2c1a1a44fdc4afc66a76fa31913b8bc291d090f2

  
  ### Version info
   * Package: python3.13
   * Version: 3.13.3-1ubuntu0.2
   * Ubuntu Version: 25.04 Plucky
   * Architecture: amd64

  ### Description

  The security update to python3 introduced a new constant os.path.ALLOW_MISSING that is used by the standard library module tarfile.py. However, existing Python virtual environments created before this update still use the old Python executable that doesn't know about this constant, while the system's standard library (which venvs share) expects it to exist.
  This breaks any Python virtual environment that uses tarfile functionality, including tools like Poetry when installing packages.

  ### Steps to Reproduce

   * Create a Python virtual environment with python3.13 before the security update
   * Update the system python3.13 package to 3.13.3-1ubuntu0.2
   * Try to use tarfile with data filter in the existing virtual environment:

  `~/.local/share/pypoetry/venv/bin/python`

  ```python
  import tarfile
  import tempfile
  import os

  # Create a temporary directory and file
  tmpdir = tempfile.TemporaryDirectory()

  test_file = os.path.join(tmpdir.name, "test.txt")
  with open(test_file, "w") as f:
      f.write("Hello, world!")

  # Create a tar archive
  tar_path = os.path.join(tmpdir.name, "test.tar")
  with tarfile.open(tar_path, "w") as tar:
      tar.add(test_file, arcname="test.txt")

  # Try to extract with data filter (this should trigger the bug)
  extract_dir = os.path.join(tmpdir.name, "extracted")
  os.makedirs(extract_dir)

  with tarfile.open(tar_path, "r") as tar:
      tar.extractall(extract_dir, filter="data") # AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'
      print("No error occurred")
  ```

  ### Error Message

  `AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'`

  ### Traceback
  File "/usr/lib/python3.13/tarfile.py", line 773, in _get_filtered_attrs
      dest_path = os.path.realpath(dest_path, strict=os.path.ALLOW_MISSING)
  AttributeError: module 'posixpath' has no attribute 'ALLOW_MISSING'

  
  ### Expected Behavior
   * Security updates should not break existing virtual environments
   * The 3.13.3 python3 interpreter should keep the compatibility with 3.13.3 stdlib
   * Tools such as Poetry or venv do most likely depend on the sys.version_info that was kept the same

  
  ### References
   * Reported as https://github.com/python-poetry/poetry/issues/10460

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.13/+bug/2116293/+subscriptions

More information about the foundations-bugs mailing list