(Trimmed down commit message, but it's still huge to be able to cover all releases in this update...) ---------------- VERSION 4.1.3 -------------- - fixed bug that could crash UFS/ExtX in inode_lookup. - More bounds checking in ISO9660 code - Image layer bounds checking - Update version of SQLITE-JDBC - Config file for YAFFS2 spare area - New method in image layer to return names - Yaffs2 cleanup. - Escape all strings in SQLite database - SQlite code uses NTTFS sequence number to match parent IDs ---------------- VERSION 4.1.2 -------------- Core: - TskAutoDB considers not finding a VS/FS a critical error. ---------------- VERSION 4.1.1 -------------- Core: - Added FILE_SHARE_WRITE to all windows open calls. - removed unused methods in CRC code that caused compile errors. - Added NTFS FNAME times to time2 struct in TSK_FS_META to make them easier to access -- should have done this a long time ago! - fls -m and tsk_gettimes output NTFS FNAME times to output for timelines. - hfind with EnCase hashsets works when DB is specified (and not only index) - TskAuto now goes into UNALLOC partitions by default too. - Added support to automatically find all Cellebrite raw dump files given the name of the first image. - Added NTFS sequence to parent address in directory and directory itself. - Updated SQLite code to use sequence when finding parent object ID. ---------------- VERSION 4.1.0 -------------- Core: - Added YAFFS2 support (patch from viaForensics). - Added Ext4 support (patch from kfairbanks) - changed all include paths to be 'tsk' instead of 'tsk3' -- IMPORTANT FOR ALL DEVELOPERS! ---------------- VERSION 4.0.2 -------------- New Features: - Added fiwalk tool from Simson. Not supported in Visual Studio yet. ---------------- VERSION 4.0.1 -------------- New Features: - Can open raw Windows devices with write mode sharing. - More DOS partition types are displayed. - Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together). - Added new API to TskImgDB that returns hash value associated with carved files. - performance improvements with FAT code (maps and dir_add) - performance improvements with NTFS code (maps) - added AONLY flag to block_walk - Updated blkls and blkcalc to use AONLY flag -- MUCH faster. ---------------- VERSION 4.0.0 -------------- New Features: - Added multithreaded support - Added C++ wrapper classes - Added JNI bindings / Java data model classes - 3314047: Added utf8-specific versions of 'toid' methods for img,vs,fs types - 3184429: More consistent printing of unset times (all zerso instead of 1970) - New database design that allows for multiple images in the same database - GPT volume system tries other sector sizes if first attempt fails. - Added hash calculation and lookup to AutoDB and JNI. - Upgraded SQLite to 3.7.9. - EnCase hash support - Libewf v2 support (it is now non-beta) - First file in a raw split or E01 can be specified and the rest of the files are found. - mactime displays times as 0 if the time is not set (isntead of 1970) - Changed behavior of 'mactime -y' to use ISO8601 format. - Updated HFS+ code from ATC-NY. - FAT orphan file improvements to reduce false positives. - TskAuto better reports errors.diff -r1.2 -r1.3 pkgsrc/security/sleuthkit/Makefile
(pettai)
| @@ -1,20 +1,18 @@ | @@ -1,20 +1,18 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.2 2013/10/30 15:22:36 pettai Exp $ | 1 | # $NetBSD: Makefile,v 1.3 2014/03/13 23:41:31 pettai Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= sleuthkit-3.2.3 | 3 | DISTNAME= sleuthkit-4.1.3 | |
| 4 | CATEGORIES= security sysutils | 4 | CATEGORIES= security sysutils | |
| 5 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sleuthkit/} | 5 | MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sleuthkit/} | |
| 6 | 6 | |||
| 7 | MAINTAINER= pettai@NetBSD.org | 7 | MAINTAINER= pettai@NetBSD.org | |
| 8 | HOMEPAGE= http://www.sleuthkit.org/ | 8 | HOMEPAGE= http://www.sleuthkit.org/ | |
| 9 | COMMENT= The Sleuth Kit (TSK) opensource forensic toolkit | 9 | COMMENT= The Sleuth Kit (TSK) opensource forensic toolkit | |
| 10 | LICENSE= cpl-1.0 AND gnu-gpl-v2 | 10 | LICENSE= cpl-1.0 AND gnu-gpl-v2 | |
| 11 | 11 | |||
| 12 | GNU_CONFIGURE= yes | 12 | GNU_CONFIGURE= yes | |
| 13 | USE_LANGUAGES= c c++ | 13 | USE_LANGUAGES= c c++ | |
| 14 | USE_LIBTOOL= yes | 14 | USE_LIBTOOL= yes | |
| 15 | USE_TOOLS+= gmake file perl:run | 15 | USE_TOOLS+= gmake file perl:run | |
| 16 | 16 | |||
| 17 | REPLACE_PERL= tools/timeline/mactime tools/sorter/sorter | |||
| 18 | ||||
| 19 | .include "../../sysutils/file/buildlink3.mk" | 17 | .include "../../sysutils/file/buildlink3.mk" | |
| 20 | .include "../../mk/bsd.pkg.mk" | 18 | .include "../../mk/bsd.pkg.mk" |
| @@ -1,6 +1,7 @@ | @@ -1,6 +1,7 @@ | |||
| 1 | $NetBSD: distinfo,v 1.2 2014/02/24 13:10:12 wiedi Exp $ | 1 | $NetBSD: distinfo,v 1.3 2014/03/13 23:41:31 pettai Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (sleuthkit-3.2.3.tar.gz) = 85d100ffde54f051916a4ea9452563ff85fad4ac | 3 | SHA1 (sleuthkit-4.1.3.tar.gz) = 9350bb59bb5fbe41d6e29a8d0494460b937749ef | |
| 4 | RMD160 (sleuthkit-3.2.3.tar.gz) = ee9849ff34bd7d1ce90819f22f1e09a71e4d0e8c | 4 | RMD160 (sleuthkit-4.1.3.tar.gz) = 223c6ffe22259ca057b6d9634813536e7ccd9dba | |
| 5 | Size (sleuthkit-3.2.3.tar.gz) = 2039699 bytes | 5 | Size (sleuthkit-4.1.3.tar.gz) = 7952733 bytes | |
| 6 | SHA1 (patch-tools_autotools_tsk__recover.cpp) = 1541241ddbc66d4cdd9f63d97715e576ad36f194 | 6 | SHA1 (patch-configure) = 3ecfeb1af019fc7b365374c06e82aeb4b9900e6d | |
| 7 | SHA1 (patch-tools_autotools_tsk__recover.cpp) = c82f8c366ae2675ee6c0c948c466b40f27bc1163 |
| @@ -1,82 +1,86 @@ | @@ -1,82 +1,86 @@ | |||
| 1 | @comment $NetBSD: PLIST,v 1.1 2013/10/29 23:33:02 pettai Exp $ | 1 | @comment $NetBSD: PLIST,v 1.2 2014/03/13 23:41:31 pettai Exp $ | |
| 2 | bin/blkcalc | 2 | bin/blkcalc | |
| 3 | bin/blkcat | 3 | bin/blkcat | |
| 4 | bin/blkls | 4 | bin/blkls | |
| 5 | bin/blkstat | 5 | bin/blkstat | |
| 6 | bin/fcat | |||
| 6 | bin/ffind | 7 | bin/ffind | |
| 8 | bin/fiwalk | |||
| 7 | bin/fls | 9 | bin/fls | |
| 8 | bin/fsstat | 10 | bin/fsstat | |
| 9 | bin/hfind | 11 | bin/hfind | |
| 10 | bin/icat | 12 | bin/icat | |
| 11 | bin/ifind | 13 | bin/ifind | |
| 12 | bin/ils | 14 | bin/ils | |
| 13 | bin/img_cat | 15 | bin/img_cat | |
| 14 | bin/img_stat | 16 | bin/img_stat | |
| 15 | bin/istat | 17 | bin/istat | |
| 16 | bin/jcat | 18 | bin/jcat | |
| 17 | bin/jls | 19 | bin/jls | |
| 20 | bin/jpeg_extract | |||
| 18 | bin/mactime | 21 | bin/mactime | |
| 19 | bin/mmcat | 22 | bin/mmcat | |
| 20 | bin/mmls | 23 | bin/mmls | |
| 21 | bin/mmstat | 24 | bin/mmstat | |
| 22 | bin/sigfind | 25 | bin/sigfind | |
| 23 | bin/sorter | 26 | bin/sorter | |
| 24 | bin/srch_strings | 27 | bin/srch_strings | |
| 25 | bin/tsk_comparedir | 28 | bin/tsk_comparedir | |
| 26 | bin/tsk_gettimes | 29 | bin/tsk_gettimes | |
| 27 | bin/tsk_loaddb | 30 | bin/tsk_loaddb | |
| 28 | bin/tsk_recover | 31 | bin/tsk_recover | |
| 29 | include/tsk3/auto/tsk_auto.h | 32 | include/tsk/auto/tsk_auto.h | |
| 30 | include/tsk3/base/tsk_base.h | 33 | include/tsk/base/tsk_base.h | |
| 31 | include/tsk3/base/tsk_os.h | 34 | include/tsk/base/tsk_os.h | |
| 32 | include/tsk3/fs/tsk_ext2fs.h | 35 | include/tsk/fs/tsk_ext2fs.h | |
| 33 | include/tsk3/fs/tsk_fatfs.h | 36 | include/tsk/fs/tsk_fatfs.h | |
| 34 | include/tsk3/fs/tsk_ffs.h | 37 | include/tsk/fs/tsk_ffs.h | |
| 35 | include/tsk3/fs/tsk_fs.h | 38 | include/tsk/fs/tsk_fs.h | |
| 36 | include/tsk3/fs/tsk_hfs.h | 39 | include/tsk/fs/tsk_hfs.h | |
| 37 | include/tsk3/fs/tsk_iso9660.h | 40 | include/tsk/fs/tsk_iso9660.h | |
| 38 | include/tsk3/fs/tsk_ntfs.h | 41 | include/tsk/fs/tsk_ntfs.h | |
| 39 | include/tsk3/hashdb/tsk_hashdb.h | 42 | include/tsk/fs/tsk_yaffs.h | |
| 40 | include/tsk3/img/tsk_img.h | 43 | include/tsk/hashdb/tsk_hashdb.h | |
| 41 | include/tsk3/libtsk.h | 44 | include/tsk/img/tsk_img.h | |
| 42 | include/tsk3/tsk_incs.h | 45 | include/tsk/libtsk.h | |
| 43 | include/tsk3/vs/tsk_bsd.h | 46 | include/tsk/tsk_incs.h | |
| 44 | include/tsk3/vs/tsk_dos.h | 47 | include/tsk/vs/tsk_bsd.h | |
| 45 | include/tsk3/vs/tsk_gpt.h | 48 | include/tsk/vs/tsk_dos.h | |
| 46 | include/tsk3/vs/tsk_mac.h | 49 | include/tsk/vs/tsk_gpt.h | |
| 47 | include/tsk3/vs/tsk_sun.h | 50 | include/tsk/vs/tsk_mac.h | |
| 48 | include/tsk3/vs/tsk_vs.h | 51 | include/tsk/vs/tsk_sun.h | |
| 49 | lib/libtsk3.la | 52 | include/tsk/vs/tsk_vs.h | |
| 53 | lib/libtsk.la | |||
| 50 | man/man1/blkcalc.1 | 54 | man/man1/blkcalc.1 | |
| 51 | man/man1/blkcat.1 | 55 | man/man1/blkcat.1 | |
| 52 | man/man1/blkls.1 | 56 | man/man1/blkls.1 | |
| 53 | man/man1/blkstat.1 | 57 | man/man1/blkstat.1 | |
| 54 | man/man1/ffind.1 | 58 | man/man1/ffind.1 | |
| 55 | man/man1/fls.1 | 59 | man/man1/fls.1 | |
| 56 | man/man1/fsstat.1 | 60 | man/man1/fsstat.1 | |
| 57 | man/man1/hfind.1 | 61 | man/man1/hfind.1 | |
| 58 | man/man1/icat.1 | 62 | man/man1/icat.1 | |
| 59 | man/man1/ifind.1 | 63 | man/man1/ifind.1 | |
| 60 | man/man1/ils.1 | 64 | man/man1/ils.1 | |
| 61 | man/man1/img_cat.1 | 65 | man/man1/img_cat.1 | |
| 62 | man/man1/img_stat.1 | 66 | man/man1/img_stat.1 | |
| 63 | man/man1/istat.1 | 67 | man/man1/istat.1 | |
| 64 | man/man1/jcat.1 | 68 | man/man1/jcat.1 | |
| 65 | man/man1/jls.1 | 69 | man/man1/jls.1 | |
| 66 | man/man1/mactime.1 | 70 | man/man1/mactime.1 | |
| 67 | man/man1/mmcat.1 | 71 | man/man1/mmcat.1 | |
| 68 | man/man1/mmls.1 | 72 | man/man1/mmls.1 | |
| 69 | man/man1/mmstat.1 | 73 | man/man1/mmstat.1 | |
| 70 | man/man1/sigfind.1 | 74 | man/man1/sigfind.1 | |
| 71 | man/man1/sorter.1 | 75 | man/man1/sorter.1 | |
| 72 | man/man1/tsk_comparedir.1 | 76 | man/man1/tsk_comparedir.1 | |
| 73 | man/man1/tsk_gettimes.1 | 77 | man/man1/tsk_gettimes.1 | |
| 74 | man/man1/tsk_loaddb.1 | 78 | man/man1/tsk_loaddb.1 | |
| 75 | man/man1/tsk_recover.1 | 79 | man/man1/tsk_recover.1 | |
| 76 | share/tsk3/sorter/default.sort | 80 | share/tsk/sorter/default.sort | |
| 77 | share/tsk3/sorter/freebsd.sort | 81 | share/tsk/sorter/freebsd.sort | |
| 78 | share/tsk3/sorter/images.sort | 82 | share/tsk/sorter/images.sort | |
| 79 | share/tsk3/sorter/linux.sort | 83 | share/tsk/sorter/linux.sort | |
| 80 | share/tsk3/sorter/openbsd.sort | 84 | share/tsk/sorter/openbsd.sort | |
| 81 | share/tsk3/sorter/solaris.sort | 85 | share/tsk/sorter/solaris.sort | |
| 82 | share/tsk3/sorter/windows.sort | 86 | share/tsk/sorter/windows.sort |
$NetBSD: patch-configure,v 1.1 2014/03/13 23:41:31 pettai Exp $
--- configure.orig 2014-03-13 22:51:42.000000000 +0000
+++ configure
@@ -21983,7 +21983,7 @@ else
ax_java_support=no
fi
- if test "x$ax_java_support" == "xyes"; then
+ if test "x$ax_java_support" = "xyes"; then
X_JNI_TRUE=
X_JNI_FALSE='#'
else
| @@ -1,13 +1,14 @@ | @@ -1,13 +1,14 @@ | |||
| 1 | $NetBSD: patch-tools_autotools_tsk__recover.cpp,v 1.1 2014/02/24 13:10:12 wiedi Exp $ | 1 | $NetBSD: patch-tools_autotools_tsk__recover.cpp,v 1.2 2014/03/13 23:41:31 pettai Exp $ | |
| 2 | 2 | |||
| 3 | needs limits.h for PATH_MAX | 3 | needs limits.h for PATH_MAX | |
| 4 | --- tools/autotools/tsk_recover.cpp.orig 2011-10-07 19:12:29.000000000 +0000 | 4 | ||
| 5 | --- tools/autotools/tsk_recover.cpp.orig 2014-03-13 23:04:47.000000000 +0000 | |||
| 5 | +++ tools/autotools/tsk_recover.cpp | 6 | +++ tools/autotools/tsk_recover.cpp | |
| 6 | @@ -9,6 +9,7 @@ | 7 | @@ -9,6 +9,7 @@ | |
| 7 | ** | 8 | ** | |
| 8 | */ | 9 | */ | |
| 9 | 10 | |||
| 10 | +#include <limits.h> | 11 | +#include "limits.h" | |
| 11 | #include "tsk3/tsk_tools_i.h" | 12 | #include "tsk/tsk_tools_i.h" | |
| 12 | #include <locale.h> | 13 | #include <locale.h> | |
| 13 | #include <sys/stat.h> | 14 | #include <sys/stat.h> |