From eebfe3d580ff3640b2bbe181cc0811d33d5153ef Mon Sep 17 00:00:00 2001 From: "Barry J. Grundy" Date: Wed, 24 Dec 2014 13:07:54 -0600 Subject: system/sleuthkit: Fix external type errors with EWF Signed-off-by: Robby Workman --- system/sleuthkit/README | 4 ++++ system/sleuthkit/sleuthkit.SlackBuild | 8 ++++++-- system/sleuthkit/tsk4.1.3_external_type.patch | 11 +++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 system/sleuthkit/tsk4.1.3_external_type.patch (limited to 'system/sleuthkit') diff --git a/system/sleuthkit/README b/system/sleuthkit/README index 5d6c74064d..0f95ef37e4 100644 --- a/system/sleuthkit/README +++ b/system/sleuthkit/README @@ -9,3 +9,7 @@ the command line tools can be directly used to find evidence. Sleuthkit can optionally use libewf (for Expert Witness files) and afflib (for Advanced Forensic Format files). + +Note: If you are building TSK for use with Plaso or the DFVFS, it is +strongly recommended that you build libewf support into TSK by +installing libewf first. diff --git a/system/sleuthkit/sleuthkit.SlackBuild b/system/sleuthkit/sleuthkit.SlackBuild index af69b12c30..e30eb4a4ae 100644 --- a/system/sleuthkit/sleuthkit.SlackBuild +++ b/system/sleuthkit/sleuthkit.SlackBuild @@ -22,11 +22,12 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# Updated v4.1.3 Feb 2014 Barry J. Grundy +# Updated v4.1.3 (external type patch) December 2014 +# Barry J. Grundy PRGNAM=sleuthkit VERSION=${VERSION:-4.1.3} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then @@ -71,6 +72,9 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; +# Fix external type errors with EWF, external and unsupported types: +patch -p0 < $CWD/tsk4.1.3_external_type.patch + CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ 
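Review bot: The added `patch -p0 < $CWD/tsk4.1.3_external_type.patch` in the second sleuthkit.SlackBuild hunk expands `$CWD` unquoted and, as far as the hunk shows, never checks the exit status, so a failed or partially applied patch could still end up in a package unless the script enables `set -e` outside the visible lines. I would write it as `patch -p0 < "$CWD/tsk4.1.3_external_type.patch" || exit 1`. `VERSION` stays overridable from the environment (first hunk of the same file), yet the 4.1.3-specific patch is applied unconditionally; for a forensic tool whose results may be relied on as evidence, the comment above the call should say the patch is only valid for 4.1.3 and must be re-checked on any version bump. The surrounding script begins and continues outside the hunk.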
diff --git a/system/sleuthkit/tsk4.1.3_external_type.patch b/system/sleuthkit/tsk4.1.3_external_type.patch
new file mode 100644
index 0000000000..a3c05970ef
--- /dev/null
+++ b/system/sleuthkit/tsk4.1.3_external_type.patch
@@ -0,0 +1,11 @@
+--- tsk/img/tsk_img.h.orig 2014-02-02 09:56:12.947709027 +0100
++++ tsk/img/tsk_img.h 2014-02-02 09:55:34.569701897 +0100
+@@ -66,6 +66,8 @@
+
+ TSK_IMG_TYPE_EWF_EWF = 0x0040, ///< EWF version
+
++ TSK_IMG_TYPE_EXTERNAL = 0x1000, ///< external defined format which at least implements TSK_IMG_INFO, used by pytsk
++
+ TSK_IMG_TYPE_UNSUPP = 0xffff, ///< Unsupported disk image type
+ } TSK_IMG_TYPE_ENUM;
+
-- cgit v1.2.3
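Review bot: The new tsk4.1.3_external_type.patch carries no provenance; only the `.orig` timestamps identify it, and neither the patch nor the SlackBuild comment says which upstream commit or project it was taken from. Because it changes a public header of a forensic library (adding `TSK_IMG_TYPE_EXTERNAL = 0x1000` to `TSK_IMG_TYPE_ENUM`), a leading line in the patch file such as `# Origin: <upstream commit or bug URL>` would let a later maintainer verify it and drop it once upstream ships the change. The patch touches only the enum declaration, so whether library code that dispatches on the image type handles the new value is not visible here and is worth confirming. The enum's opening lines are outside the hunk.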