Rails 4.2.11.2: uninitialized constant Module::DELEGATION_RESERVED_METHOD_NAMES

[bubaflub]

Steps to reproduce

1. Upgraded an existing rails app from 4.2.11.1 to 4.2.11.2.
2. Started a local dev server and tried to access localhost:3000
3. Receive 500 Internal Server Error

Logs show:

ActionView::Template::Error (uninitialized constant Module::DELEGATION_RESERVED_METHOD_NAMES):
  /Users/bob/bubaflub/truelink/app/controllers/application_controller.rb:597:in `redacted'
  /Users/bob/bubaflub/truelink/lib/redacted_middleware.rb:13:in `redacted'

Expected behavior

Shouldn't break an existing app.

Actual behavior

Breaks an existing app.

System configuration

Rails version: 4.2.11.2

Ruby version: 2.4.10 via rvm on Mac OS X 10.15.3

[bubaflub]

I believe the problem is that Module::DELEGATION_RESERVED_METHOD_NAMES only exists in activesupport version 5 and later:

rails/activesupport/lib/active_support/core_ext/module/delegation.rb

Lines 12 to 14 in ac6aa32

	DELEGATION_RESERVED_METHOD_NAMES = Set.new(
	RUBY_RESERVED_KEYWORDS + DELEGATION_RESERVED_KEYWORDS
	).freeze

Whereas activesupport version 4 doesn't have that method:

rails/activesupport/lib/active_support/core_ext/module/delegation.rb

Lines 8 to 12 in 753cc7d

	RUBY_RESERVED_WORDS = Set.new(
	%w(alias and BEGIN begin break case class def defined? do else elsif END
	end ensure false for if in module next nil not or redo rescue retry
	return self super then true undef unless until when while yield)
	).freeze

[dustym]

I have a PR up for this in #39302.

[bubaflub]

I'm curious to know how this passed through review and automated testing to make it to an official release.

[rbliss]

Looks like the release never passed the build in the first place. Which is also impacting PR #39302 @dustym submitted. The build for 4.2.x appears to need updating for lower versions of Ruby.

[tenderlove]

I am very sorry. I will make a release again.

[rafaelfranca]

Please note that Rails 4.2 is not supported. We are trying to do a favor to people still using that unsupported version by releasing a new version instead of just sending an advisory with a patch. The Rails 4.2 build is not passing anymore given the Ruby versions supported today are different of the versions supported on that series, so we can't expect the build will pass when we make a security release. That is how this passed through review and automated testing to make in to an unsupported official release.

[bubaflub]

I am very sorry. I will make a release again.

It's alright, mistakes happen! I'm was surprised that Rails 4.2 which is EOL received a security patch. And then I was surprised that it didn't work out of the box. I hope I didn't come off as blaming, I just wanted to see if there were process or automation fixes that should go in as well.

Looks like the release never passed the build in the first place... The build for 4.2.x appears to need updating for lower versions of Ruby.

As someone who is currently running Rails 4.2 + Ruby 2.4 I'd be happy to help get the build green again. I would just need some pointers in the right direction.

[rafaelfranca]

As someone who is currently running Rails 4.2 + Ruby 2.4 I'd be happy to help get the build green again. I would just need some pointers in the right direction.

Thank you for the offer but Rails 4.2 is not supported anymore and even just reviewing changes to the test suite would still require time and energy from the core team on a version that is not supported.

[dustym]

Thanks, @tenderlove!

[tenderlove]

I shipped 4.2.11.3 with #39302. Thanks for reporting this as well as the PR to fix it.

[VVD]

This commit 4c46a15 broke redmine 3.4 (/my/page):

--- rails-4.2.11.1/actionview/lib/action_view/template.rb       2019-03-11 21:21:15.000000000 +0300
+++ rails-4.2.11.3/actionview/lib/action_view/template.rb       2020-05-15 21:34:31.000000000 +0300
@@ -312,8 +312,12 @@
       end
 
       def locals_code #:nodoc:
+        # Only locals with valid variable names get set directly. Others will
+        # still be available in local_assigns.
+        locals = @locals.to_set - Module::DELEGATION_RESERVED_METHOD_NAMES
+        locals = locals.grep(/\A(?![A-Z0-9])(?:[[:alnum:]_]|[^\0-\177])+\z/)
         # Double assign to suppress the dreaded 'assigned but unused variable' warning
-        @locals.each_with_object('') { |key, code| code << "#{key} = #{key} = local_assigns[:#{key}];" }
+        locals.each_with_object('') { |key, code| code << "#{key} = #{key} = local_assigns[:#{key}];" }
       end
 
       def method_name #:nodoc:

production.log:

Started GET "/my/page" for IP at 2020-06-01 14:51:53 +0300
Processing by MyController#page as HTML
  Current user: VVD (id=XXXX)
  Rendered my/blocks/_issues.erb (37.8ms)
  Rendered my/page.html.erb within layouts/base (5375.3ms)
Completed 500 Internal Server Error in 5490ms (ActiveRecord: 541.4ms)

ActionView::Template::Error (undefined local variable or method `block' for #<#<Class:0x0000000817a16200>:0x0000000817a2e300>):
    1: <div class="contextual">
    2:   <%= link_to_function l(:label_options), "$('##{block}-settings').toggle();", :class => 'icon-only icon-settings', :titl
e => l(:label_options) %>
    3: </div>
    4: 
    5: <h3>
  app/views/my/blocks/_issues.erb:2:in `_app_views_my_blocks__issues_erb___1895067040708881672_17382521500'
  app/helpers/my_helper.rb:103:in `render_issuesassignedtome_block'
  app/helpers/my_helper.rb:64:in `render_block_content'
  app/helpers/my_helper.rb:35:in `render_block'
  app/helpers/my_helper.rb:27:in `block in render_blocks'
  app/helpers/my_helper.rb:26:in `each'
  app/helpers/my_helper.rb:26:in `render_blocks'
  app/views/my/page.html.erb:13:in `block in _app_views_my_page_html_erb__4123894328546915933_17378179780'
  app/views/my/page.html.erb:11:in `each'
  app/views/my/page.html.erb:11:in `_app_views_my_page_html_erb__4123894328546915933_17378179780'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'
  plugins/redmine_dmsf/lib/redmine_dmsf/webdav/custom_middleware.rb:68:in `call'

After manual revert this patch error gone.

[VVD]

?

[rafaelfranca]

Yes, it was expected to break this usage. Redmine need to be updated.