aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBarry J. Grundy <bgrundyatlinuxleo.com>2014-12-24 13:07:54 -0600
committerRobby Workman <rworkman@slackbuilds.org>2014-12-25 02:10:29 -0600
commiteebfe3d580ff3640b2bbe181cc0811d33d5153ef (patch)
tree1ecfd201f207a1230a4c8c7b9df312c77d859c3d
parentba6b0592dbdbe52a142cc5aa6757fafa4a2c2b3b (diff)
system/sleuthkit: Fix external type errors with EWF
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
-rw-r--r--system/sleuthkit/README4
-rw-r--r--system/sleuthkit/sleuthkit.SlackBuild8
-rw-r--r--system/sleuthkit/tsk4.1.3_external_type.patch11
3 files changed, 21 insertions, 2 deletions
diff --git a/system/sleuthkit/README b/system/sleuthkit/README
index 5d6c74064d4b5..0f95ef37e4f13 100644
--- a/system/sleuthkit/README
+++ b/system/sleuthkit/README
@@ -9,3 +9,7 @@ the command line tools can be directly used to find evidence.
Sleuthkit can optionally use libewf (for Expert Witness files)
and afflib (for Advanced Forensic Format files).
+
+Note: If you are building TSK for use with Plaso or the DFVFS, it is
+strongly recommended that you build libewf support into TSK by
+installing libewf first.
diff --git a/system/sleuthkit/sleuthkit.SlackBuild b/system/sleuthkit/sleuthkit.SlackBuild
index af69b12c30fe4..e30eb4a4aeed1 100644
--- a/system/sleuthkit/sleuthkit.SlackBuild
+++ b/system/sleuthkit/sleuthkit.SlackBuild
@@ -22,11 +22,12 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-# Updated v4.1.3 Feb 2014 Barry J. Grundy <bgrundy(at)linuxleo.com>
+# Updated v4.1.3 (external type patch) December 2014
+# Barry J. Grundy <bgrundy(at)linuxleo.com>
PRGNAM=sleuthkit
VERSION=${VERSION:-4.1.3}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@@ -71,6 +72,9 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+# Fix external type errors with EWF, external and unsupported types:
+patch -p0 < $CWD/tsk4.1.3_external_type.patch
+
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
diff --git a/system/sleuthkit/tsk4.1.3_external_type.patch b/system/sleuthkit/tsk4.1.3_external_type.patch
new file mode 100644
index 0000000000000..a3c05970efe73
--- /dev/null
+++ b/system/sleuthkit/tsk4.1.3_external_type.patch
@@ -0,0 +1,11 @@
+--- tsk/img/tsk_img.h.orig 2014-02-02 09:56:12.947709027 +0100
++++ tsk/img/tsk_img.h 2014-02-02 09:55:34.569701897 +0100
+@@ -66,6 +66,8 @@
+
+ TSK_IMG_TYPE_EWF_EWF = 0x0040, ///< EWF version
+
++ TSK_IMG_TYPE_EXTERNAL = 0x1000, ///< external defined format which at least implements TSK_IMG_INFO, used by pytsk
++
+ TSK_IMG_TYPE_UNSUPP = 0xffff, ///< Unsupported disk image type
+ } TSK_IMG_TYPE_ENUM;
+