From 7498dc13d30d3ae932ed0e4a6480696a071e38ec Mon Sep 17 00:00:00 2001
From: IKEDA Soji <ikeda@conversion.co.jp>
Date: Fri, 5 Apr 2019 10:37:00 +0900
Subject: [PATCH 1/4] ARC: Comments in Authentication-Results field prevents
 check on srvid. Fixed by parsing the field according to standards.

---
 src/lib/Sympa/Message.pm | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/lib/Sympa/Message.pm b/src/lib/Sympa/Message.pm
index 94326e757..2576037e4 100644
--- a/src/lib/Sympa/Message.pm
+++ b/src/lib/Sympa/Message.pm
@@ -8,8 +8,8 @@
 # Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
 # 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites
 # Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER
-# Copyright 2017, 2018 The Sympa Community. See the AUTHORS.md file at the
-# top-level directory of this distribution and at
+# Copyright 2017, 2018, 2019 The Sympa Community. See the AUTHORS.md file at
+# the top-level directory of this distribution and at
 # <https://github.com/sympa-community/sympa.git>.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -37,6 +37,7 @@ use Mail::Address;
 use MIME::Charset;
 use MIME::EncWords;
 use MIME::Entity;
+use MIME::Field::ParamVal;
 use MIME::Parser;
 use MIME::Tools;
 use Scalar::Util qw();
@@ -685,7 +686,9 @@ sub check_arc_chain {
     # since we can't add a new seal
 
     my @ars =
-        grep {m{^\s*\Q$srvid\E;}} $self->get_header('Authentication-Results');
+        grep { my $d = $_->param('_'); $d and lc $d eq lc $srvid }
+        map { MIME::Field::ParamVal->parse($_) }
+        $self->get_header('Authentication-Results');
 
     unless (@ars) {
         $log->syslog('debug2',
@@ -694,9 +697,10 @@ sub check_arc_chain {
     }
     # already checked?
     foreach my $ar (@ars) {
-        if ($ar =~ m{\barc=(pass|fail|none)\b}i) {
-            $log->syslog('debug2', "ARC already $1");
+        my $param_arc = $ar->param('arc');
+        if ($param_arc and $param_arc =~ m{\A(pass|fail|none)\b}i) {
             $self->{shelved}->{arc_cv} = $1;
+            $log->syslog('debug2', 'ARC already checked: %s', $param_arc);
             return;
         }
     }

From 5dca2d4b40b6637adf20b5cee461d12a22241331 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <ikeda@conversion.co.jp>
Date: Sat, 6 Apr 2019 18:12:58 +0900
Subject: [PATCH 2/4] [-bug] arc_seal() crashes if seal is skipped.

---
 src/lib/Sympa/Message.pm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/lib/Sympa/Message.pm b/src/lib/Sympa/Message.pm
index 2576037e4..8fc6f9e40 100644
--- a/src/lib/Sympa/Message.pm
+++ b/src/lib/Sympa/Message.pm
@@ -612,9 +612,11 @@ sub arc_seal {
 
     # Seal is done. Add new headers for the seal
     my @seal = $arc->as_strings();
-    foreach my $ahdr (@seal) {
-        my ($ah, $av) = split /:\s*/, $ahdr, 2;
-        $self->add_header($ah, $av, 0);
+    if (grep { $_ and /\AARC-Seal:/i } @seal) {
+        foreach my $ahdr (reverse @seal) {
+            my ($ah, $av) = split /:\s*/, $ahdr, 2;
+            $self->add_header($ah, $av, 0);
+        }
     }
     #$self->{_body} = $new_body;
     delete $self->{_entity_cache};    # Clear entity cache.

From 68c2443b2e5ba762a434e2aac958558838f66563 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <ikeda@conversion.co.jp>
Date: Sun, 7 Apr 2019 11:01:52 +0900
Subject: [PATCH 3/4] Adding debug log.

---
 src/lib/Sympa/Message.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lib/Sympa/Message.pm b/src/lib/Sympa/Message.pm
index 8fc6f9e40..cc3295b15 100644
--- a/src/lib/Sympa/Message.pm
+++ b/src/lib/Sympa/Message.pm
@@ -605,6 +605,8 @@ sub arc_seal {
         $log->syslog('err', 'Cannot ARC seal message');
         return undef;
     }
+    $log->syslog('debug2', 'ARC %s: %s', $arc->{result},
+        $arc->{result_reason});
 
     # don't need this since DKIM just did it
     #    my ($dummy, $new_body) = split /\r\n\r\n/, $msg_as_string, 2;

From f1bd0bd656dc5d1f4670bfbf7e9995c8549eb7ec Mon Sep 17 00:00:00 2001
From: IKEDA Soji <ikeda@conversion.co.jp>
Date: Sat, 13 Apr 2019 15:57:14 +0900
Subject: [PATCH 4/4] Version of a dependency Mail::DKIM::ARC::Signer to 0.55
 due to bug fix. See https://rt.cpan.org/Public/Bug/Display.html?id=129066

---
 cpanfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cpanfile b/cpanfile
index 71138bb1b..f4bb0e40f 100644
--- a/cpanfile
+++ b/cpanfile
@@ -258,7 +258,7 @@ feature 'Mail::DKIM::Verifier', 'Required in order to use DKIM features (both fo
 };
 
 feature 'Mail::DKIM::ARC::Signer', 'Required in order to use ARC features to add ARC seals.' => sub {
-    requires 'Mail::DKIM::ARC::Signer', '>= 0.51';
+    requires 'Mail::DKIM::ARC::Signer', '>= 0.55';
 };
 
 feature 'Net::DNS', 'This is required if you set a value for "dmarc_protection_mode" which requires DNS verification.' => sub {