[Forensics-changes] [SCM] Tools for forensics analysis branch, debian, updated. debian/3.0.1-2-8-gc6947bd

Cristian Greco cristian.debian at gmail.com
Wed Jul 29 15:59:51 UTC 2009 

The following commit has been merged in the debian branch:
commit 8fdc78a16ccb08bd067b8081a1454d0ddeaacc23
Author: Cristian Greco <cristian.debian at gmail.com>
Date:   Fri Jul 24 02:20:20 2009 +0200

    debian/{control,rules}: build-depeds on quilt and use a real patch management system. debian/patches/000000_lintian.diff: moved to fix-hyphens-manpages.patch (plus lintian fixes). debian/patches/283709_dstat.diff.disabled: deleted. debian/patches/411026_sorter.diff: renamed fix-hfind-manpage.patch (added description).
    
    Signed-off-by: Cristian Greco <cristian.debian at gmail.com>

diff --git a/debian/control b/debian/control
index c067de0..bf783f6 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: sleuthkit
 Section: admin
 Priority: optional
 Maintainer: Martin A. Godisch <godisch at debian.org>
-Build-Depends: debhelper (>= 5), autotools-dev, libz-dev, libssl-dev
+Build-Depends: debhelper (>= 5), quilt (>= 0.40), autotools-dev, libz-dev, libssl-dev
 Standards-Version: 3.8.2
 Homepage: http://www.sleuthkit.org/sleuthkit/
 
diff --git a/debian/patches/000000_lintian.diff b/debian/patches/000000_lintian.diff
deleted file mode 100644
index dd0df12..0000000
--- a/debian/patches/000000_lintian.diff
+++ /dev/null
@@ -1,54 +0,0 @@
---- sleuthkit-3.0.0.orig/man/jcat.1
-+++ sleuthkit-3.0.0/man/jcat.1
-@@ -30,7 +30,7 @@
- Display version
- .IP -v
- verbose output
--.IP image [images]
-+.IP "image [images]"
- One (or more if split) disk or partition images whose format is given with '-i'.
- .IP [inode]
- The inode where the file system journal can be found. 
---- sleuthkit-3.0.0.orig/man/blkcalc.1
-+++ sleuthkit-3.0.0/man/blkcalc.1
-@@ -20,8 +20,7 @@
- option is given, then the
- .B unit_addr
- value is the disk unit address in the regular image (i.e. from 
--.B dd
--).
-+\fBdd\fR).
- If the unit is unallocated, its address in an unallocated image
- is given.  If the 
- .B -u
---- sleuthkit-3.0.0.orig/man/blkcat.1
-+++ sleuthkit-3.0.0/man/blkcat.1
-@@ -21,7 +21,7 @@
- .SH ARGUMENTS
- .IP -a
- Display the contents in ASCII
--.IP -f fstype
-+.IP "-f fstype"
- Specify image as a specific file type.  If 'swap' is given
- here, the image will be displayed in pages of size 4096 bytes.  If 'raw'
- is given, then 512-bytes is used as the default size.  The '-u' flag
-@@ -33,7 +33,7 @@
- .IP -s
- Display statistics on the image (unit size, file block size,  \
- and number of fragments).
--.IP -u unit_size
-+.IP "-u unit_size"
- Specify the size of the default data unit for raw, blkls, and swap 
- images.
- .IP "-i imgtype"
---- sleuthkit-3.0.0.orig/man/ifind.1
-+++ sleuthkit-3.0.0/man/ifind.1
-@@ -51,7 +51,7 @@
- Verbose output to stderr.
- .IP -V
- Display version.
--.IP -z ZONE
-+.IP "-z ZONE"
- If '-p -l' were given, this will set the timezone for the correct times.
- 
- .SH "EXAMPLES"
diff --git a/debian/patches/283709_dstat.diff.disabled b/debian/patches/283709_dstat.diff.disabled
deleted file mode 100644
index 8cec656..0000000
--- a/debian/patches/283709_dstat.diff.disabled
+++ /dev/null
@@ -1,33 +0,0 @@
-diff -urN sleuthkit-2.06.orig/man/man1/dstat.1 sleuthkit-2.06/man/man1/dstat.1
---- sleuthkit-2.06.orig/man/dstat.1	2006-09-01 18:09:16.000000000 +0200
-+++ sleuthkit-2.06/man/dstat.1	2006-09-09 08:05:28.000000000 +0200
-@@ -1,16 +1,16 @@
- .\" Process this file with
- .\" groff -man -Tascii foo.1
- .\"
--.TH DSTAT 1 "JAN 2005" "User Manuals"
-+.TH DATASTAT 1 "JAN 2005" "User Manuals"
- .SH NAME
--dstat \- Display details of a data structure (i.e. block or sector)
-+datastat \- Display details of a data structure (i.e. block or sector)
- .SH SYNOPSIS
--.B dstat [-f
-+.B datastat [-f
- .I fstype 
- .B ] [-i imgtype] [-o imgoffset] [-vV] 
- .I image [images] addr
- .SH DESCRIPTION
--.B dstat
-+.B datastat
- displays the allocation status of the given data address.
- 
- The options are as follows:
-@@ -35,6 +35,7 @@
- .SH "SEE ALSO"
- .BR dd (1),
- .SH HISTORY
--.BR "dstat" " first appeared in " "TASK" " v1.0."
-+.BR "datastat" " first appeared in " "TASK" " v1.0 as " "dstat" "."
-+It has been renamed to datastat in Debian GNU/Linux because of the Debian package dstat.
- .SH AUTHOR
- Brian Carrier <carrier at sleuthkit.org>
diff --git a/debian/patches/411026_sorter.diff b/debian/patches/fix-hfind-manpage.patch
similarity index 51%
rename from debian/patches/411026_sorter.diff
rename to debian/patches/fix-hfind-manpage.patch
index 0709a0e..c5870ef 100644
--- a/debian/patches/411026_sorter.diff
+++ b/debian/patches/fix-hfind-manpage.patch
@@ -1,12 +1,14 @@
---- sleuthkit-2.09/man/hfind.1.orig	2007-12-10 18:45:37.000000000 +0100
-+++ sleuthkit-2.09/man/hfind.1	2007-12-10 18:46:11.000000000 +0100
-@@ -131,8 +131,9 @@
+Author: Martin A. Godisch <godisch at debian.org>
+Description: Adjust a verbose description in hfind(1) (see #411026).
+--- a/man/hfind.1
++++ b/man/hfind.1
+@@ -132,8 +132,9 @@
  	<...>
  
  
 -.SH REQUIREMENTS
 -hfind needs the UNIX sorter program located in /usr/bin/.
-+.SH SEE ALSO
++.SH "SEE ALSO"
 +.BR sorter (1)
 +.P
  The NIST National Software Reference Library (NSRL) can be found at
diff --git a/debian/patches/fix-hyphens-manpages.patch b/debian/patches/fix-hyphens-manpages.patch
new file mode 100644
index 0000000..a3c6113
--- /dev/null
+++ b/debian/patches/fix-hyphens-manpages.patch
@@ -0,0 +1,863 @@
+Author: Cristian Greco <cristian.debian at gmail.com>
+Description: fixes various lintian warnings about hyphens used as minus sign.
+--- a/man/mactime.1
++++ b/man/mactime.1
+@@ -16,14 +16,14 @@
+ .SH DESCRIPTION
+ .B mactime
+ creates an ASCII time line of file activity based on the body file
+-specified by '-b' or from STDIN.  The time line is written to STDOUT.  
++specified by '\-b' or from STDIN.  The time line is written to STDOUT.
+ The body file must be in the time machine format that is created 
+-by 'ils -m', 'fls -m', or the mac-robber tool.  
++by 'ils \-m', 'fls \-m', or the mac-robber tool.
+ 
+ .SH ARGUMENTS
+ .IP "-b body"
+ Specify the location of a body file.  This file must be generated by
+-a tool such as 'fls -m' or 'ils -m'.  The 'mac-robber' and 'grave-robber'
++a tool such as 'fls \-m' or 'ils \-m'.  The 'mac-robber' and 'grave-robber'
+ tools can also be used to generate the file.
+ .IP "-g group file"
+ Specify the location of the group file.  mactime will display the group
+@@ -34,7 +34,7 @@
+ .IP "-i day|hour index file"
+ Specify the location of an index file to write to.  The first argument 
+ specifies the granularity, either an hourly summary or daily.  If the
+-\'-d\' flag is given, then the summary will be seperated by a ',' to
++\'\-d\' flag is given, then the summary will be seperated by a ',' to
+ import into a spread sheet. 
+ .IP -d
+ Display timeline and index files in comma delimited format.  This is used
+--- a/man/mmcat.1
++++ b/man/mmcat.1
+@@ -17,7 +17,7 @@
+ 
+ .SH ARGUMENTS
+ .IP "-t mmtype"
+-Specify the media management type.  Use '-t list' to list the supported types. If not given, autodetection methods are used.
++Specify the media management type.  Use '\-t list' to list the supported types. If not given, autodetection methods are used.
+ .IP "-o offset"
+ Specify the offset into the image where the volume containing the
+ partition system starts.  The relative offset of the partition system
+@@ -29,7 +29,7 @@
+ .IP -V
+ Display version
+ .IP "image [images]"
+-One (or more if split) disk images whose format is given with '-i'.
++One (or more if split) disk images whose format is given with '\-i'.
+ .IP "part_num"
+ Address of partition to process.  See the mmls output to determine the address of the partitions. 
+ 
+--- a/man/mmls.1
++++ b/man/mmls.1
+@@ -17,7 +17,7 @@
+ 
+ .SH ARGUMENTS
+ .IP "-t mmtype"
+-Specify the media management type.  Use '-t list' to list the supported types. If not given, autodetection methods are used.
++Specify the media management type.  Use '\-t list' to list the supported types. If not given, autodetection methods are used.
+ .IP "-o offset"
+ Specify the offset into the image where the volume containing the
+ partition system starts.  The relative offset of the partition system
+@@ -41,10 +41,10 @@
+ .IP -M
+ Hide metadata volumes
+ .IP "image [images]"
+-One (or more if split) disk images whose format is given with '-i'.
++One (or more if split) disk images whose format is given with '\-i'.
+ 
+ .PP
+-\'mmls\' is similar to 'fdisk -lu' in Linux with a few differences.  
++\'mmls\' is similar to 'fdisk \-lu' in Linux with a few differences.
+ Namely, it will show which sectors are not being used so that those
+ can be searched for hidden data.  It also gives the length value so
+ that it can be plugged into 'dd' more easily for extracting the
+@@ -52,7 +52,7 @@
+ NetBSD and will display the output in sectors and not cylinders.  
+ Lastly, it works on non-Linux systems.
+ 
+-If none of -a, -A, -m, or -M are given then all volume types will
++If none of \-a, \-A, \-m, or \-M are given then all volume types will
+ be listed.  If any of them are given, then only the types specified
+ on the command line will be listed.  Allocated volumes are those
+ that are listed in a partition table in the volume system.  Unallocated
+@@ -61,7 +61,7 @@
+ the allocated and unallocated volumes and describe where the partition
+ tables and other metadata structures are located.  In some volume
+ systems, these structures are in allocated space and in others they
+-are in unallocated space.  They can be hidden with -M.
++are in unallocated space.  They can be hidden with \-M.
+ 
+ .SH "EXAMPLES"
+ To list the partition table of a Windows system using autodetect:
+@@ -70,7 +70,7 @@
+ 
+ To list the contents of a BSD system that starts in sector 12345 of a split image:
+ 
+-# mmls -t bsd -o 12345 -i split disk-1.dd disk-2.dd
++# mmls \-t bsd \-o 12345 \-i split disk-1.dd disk-2.dd
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
+--- a/man/mmstat.1
++++ b/man/mmstat.1
+@@ -17,7 +17,7 @@
+ 
+ .SH ARGUMENTS
+ .IP "-t mmtype"
+-Specify the media management type.  Use '-t list' to list the supported types. If not given, autodetection methods are used.
++Specify the media management type.  Use '\-t list' to list the supported types. If not given, autodetection methods are used.
+ .IP "-o offset"
+ Specify the offset into the image where the volume containing the
+ partition system starts.  The relative offset of the partition system
+@@ -29,7 +29,7 @@
+ .IP -V
+ Display version
+ .IP "image [images]"
+-One (or more if split) disk images whose format is given with '-i'.
++One (or more if split) disk images whose format is given with '\-i'.
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
+--- a/man/sigfind.1
++++ b/man/sigfind.1
+@@ -33,15 +33,16 @@
+ .IP -V
+ Display version
+ .IP [hex_signature]
+-The binary signature that you are searching for.  It must be given in hexadecimal format.  This argument must exist if -t is not used.
++The binary signature that you are searching for.  It must be given in
++hexadecimal format.  This argument must exist if \-t is not used.
+ .IP file
+ Any raw data.
+ 
+ .SH "EXAMPLES"
+ 
+-sigfind -o 510 -l AA55 disk.dd
++sigfind \-o 510 \-l AA55 disk.dd
+ 
+-sigfind -t fat disk.dd
++sigfind \-t fat disk.dd
+ 
+ 
+ .SH AUTHOR
+--- a/man/sorter.1
++++ b/man/sorter.1
+@@ -37,17 +37,17 @@
+ 
+ .SH ARGUMENTS
+ The required arguments are as follows.  This will analyze one or more 
+-images and either save the results in the '-d' directory or list
+-the results to STDOUT (if '-l' is given).  
++images and either save the results in the '\-d' directory or list
++the results to STDOUT (if '\-l' is given).
+ 
+ .IP "-d dir"
+ Specify the location of where all files should be written.  This includes
+-the index files and subdirectories if the '-s' flag is given.  
+-This MUST be given, unless the '-l' list flag is given.  
++the index files and subdirectories if the '\-s' flag is given.
++This MUST be given, unless the '\-l' list flag is given.
+ .IP -l
+ List information to STDOUT (no files are ever written).  This is useful
+ for Incident Response, with the use of 'netcat'.  This cannot be used
+-if '-d' is used.  
++if '\-d' is used.
+ .IP images
+ The file names of the image(s) to analyze.  
+ 
+@@ -77,7 +77,7 @@
+ Specify the location of the ONLY configuration file.  The standard config
+ files will not be loaded if this option is given.  For example, in the
+ \'share/sort\' directory there is a file called 'images.sort'.  This file
+-contains only rules about graphic images.  If it is specified with -C, then
++contains only rules about graphic images.  If it is specified with \-C, then
+ only images will be saved about the image.  
+ .IP "-m mnt"
+ Specify the mounting point of the image being analyzed.  This is only
+@@ -119,8 +119,8 @@
+ Calculate the SHA-1 value for each file and save it in the category file.
+ .IP -s
+ Save the actual file content to sub-directories in the directory 
+-specified by '-d'.  For example, all JPG and GIF files would actually be
+-saved in the 'images' directory.  If '-h' is also given, thumbnails of
++specified by '\-d'.  For example, all JPG and GIF files would actually be
++saved in the 'images' directory.  If '\-h' is also given, thumbnails of
+ graphic images are also created.  
+ .IP -v
+ Display verbose information
+@@ -136,7 +136,7 @@
+ is a Perl script that interacts with other The Sleuth Kit tools.  It starts
+ by reading the configuration files from the installation directory.
+ There is a general configuration file and a specific one for each
+-operating system.  The specific one is determined from the '-f'
++operating system.  The specific one is determined from the '\-f'
+ flag.  Each configuration file contains rules for processing the
+ output of the 'file' command.  One type of line identifies which
+ category (i.e. 'images') a given 'file' output belongs to (i.e.
+@@ -157,7 +157,7 @@
+ header information).
+ The configuration file rules are used to identify which category
+ it belongs to.  An entry is added to the corresponding category
+-file (in the '-d dir' directory).  If the '-s' flag is given, then
++file (in the '\-d dir' directory).  If the '\-s' flag is given, then
+ a copy of the file is saved in a subdirectory of the same name as
+ the category.  If the HTML format is used, then hyper-links will
+ allow one to easily view saved files and view what is in each
+@@ -168,9 +168,9 @@
+ structure that 'file' does not know and 'unknown' is for files with
+ a structure that 'file' knows about.  These are saved for future
+ reference, but the unknown category can be ignored by using
+-the '-U' flag.
++the '\-U' flag.
+ 
+-A copy of the files can be saved by using the '-s' flag.  If so,
++A copy of the files can be saved by using the '\-s' flag.  If so,
+ then the files are saved in a subdirectory that is named with
+ the category name.  Each file is named using the file system image
+ name followed by the meta data address and the original file
+@@ -207,7 +207,7 @@
+ entries for common file types.  A specific operating system file also
+ exists, which is useful for extensions that are specific to a given OS.  
+ By default, the default file and the OS specific one will be used.  Using
+-the '-c' flag, an additional file can be used.  If the '-C' flag is used,
++the '\-c' flag, an additional file can be used.  If the '\-C' flag is used,
+ then only the supplied configuration file is used.
+ 
+ There are two rule types in the configuration files.  Each rule starts
+@@ -262,22 +262,22 @@
+ .SH EXAMPLES
+ To run sorter with no hash databases, the following can be used:
+ 
+-    # sorter -f ntfs -d data/sorter images/hda1.dd
++    # sorter \-f ntfs \-d data/sorter images/hda1.dd
+ 	
+-    # sorter -d data/sorter images/hda1.dd
++    # sorter \-d data/sorter images/hda1.dd
+ 
+-    # sorter -i raw -f ntfs -o 63 -d data/sorter images/hda.dd
++    # sorter \-i raw \-f ntfs \-o 63 \-d data/sorter images/hda.dd
+ 
+ To include the NSRL, an exclude, and an alert hash database:
+ 
+-    # sorter -f ntfs -d data/sorter -a /usr/hash/rootkit.db \
+-	  -x /usr/hash/win2k.db -n /usr/hash/nsrl/NSRLFile.txt \
++    # sorter \-f ntfs \-d data/sorter \-a /usr/hash/rootkit.db \
++	  \-x /usr/hash/win2k.db \-n /usr/hash/nsrl/NSRLFile.txt \
+ 	  images/hda1.dd
+ 
+ To just identify images using the supplied 'images.sort' file:
+ 
+-    # sorter -f ntfs -C /usr/local/sleuthkit/share/sort/images.sort \
+-	  -d data/sorter -h -s images/hda1.dd
++    # sorter \-f ntfs \-C /usr/local/sleuthkit/share/sort/images.sort \
++	  \-d data/sorter \-h \-s images/hda1.dd
+ 
+ .SH REQUIREMENTS
+ The NIST National Software Reference Library (NSRL) can be found at
+--- a/man/img_cat.1
++++ b/man/img_cat.1
+@@ -13,13 +13,13 @@
+ 
+ .SH ARGUMENTS
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw, split, or aff.  Use '-i list' to list the supported types.  If not given, autodetection methods are used.
++Identify the type of image file, such as raw, split, or aff.  Use '\-i list' to list the supported types.  If not given, autodetection methods are used.
+ .IP -v
+ Verbose output of debugging statements to stderr
+ .IP -V
+ Display version
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
+--- a/man/img_stat.1
++++ b/man/img_stat.1
+@@ -12,7 +12,7 @@
+ 
+ .SH ARGUMENTS
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. If not given, autodetection methods are used.
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types. If not given, autodetection methods are used.
+ .IP "-t"
+ Print the image type only. 
+ .IP -v
+@@ -20,7 +20,7 @@
+ .IP -V
+ Display version
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
+--- a/man/istat.1
++++ b/man/istat.1
+@@ -23,13 +23,13 @@
+ unallocated with size 0, but still has block pointers.
+ .IP "-f fstype"
+ Specify the file system type.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP "-s seconds"
+ The time skew of the original system in seconds.  For example, if the
+-original system was 100 seconds slow, this value would be -100.
++original system was 100 seconds slow, this value would be \-100.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -43,7 +43,7 @@
+ GMT.  These strings are defined by the operating system and may
+ vary.  NOTE: This has changed since TCTUTILs.  
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP inode
+ Meta-data number to display stats on
+ 
+--- a/man/jcat.1
++++ b/man/jcat.1
+@@ -20,9 +20,9 @@
+ 
+ .SH ARGUMENTS
+ .IP "-f fstype"
+-Specify the file system type.  Use '-f list' to list the supported file system types. If not given, autodetection methods are used.
++Specify the file system type.  Use '\-f list' to list the supported file system types. If not given, autodetection methods are used.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. If not given, autodetection methods are used.
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types. If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+ sectors can be specified using '@' (32 at 2048).
+@@ -30,8 +30,8 @@
+ Display version
+ .IP -v
+ verbose output
+-.IP image [images]
+-One (or more if split) disk or partition images whose format is given with '-i'.
++.IP "image [images]"
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP [inode]
+ The inode where the file system journal can be found. 
+ 
+@@ -40,7 +40,7 @@
+ 
+ .SH "EXAMPLES"
+ 
+-jcat -f linux-ext3 img.dd 34 | xxd
++jcat \-f linux-ext3 img.dd 34 | xxd
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
+--- a/man/jls.1
++++ b/man/jls.1
+@@ -17,9 +17,9 @@
+ .SH ARGUMENTS
+ .IP "-f fstype"
+ Specify the file system type.  
+-Use '-f list' to list the supported file system types. If not given, autodetection methods are used.
++Use '\-f list' to list the supported file system types. If not given, autodetection methods are used.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. If not given, autodetection methods are used.
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types. If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+ sectors can be specified using '@' (32 at 2048).
+@@ -28,13 +28,13 @@
+ .IP -v
+ verbose output
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP [inode]
+ The inode where the file system journal can be found. 
+ 
+ .SH "EXAMPLES"
+ 
+-jls -f linux-ext3 img.dd
++jls \-f linux-ext3 img.dd
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
+--- a/man/ifind.1
++++ b/man/ifind.1
+@@ -17,7 +17,7 @@
+ .SH ARGUMENTS
+ There are several required and optional arguments.  The image file names must be specified each time:
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'..PP
++One (or more if split) disk or partition images whose format is given with '\-i'..PP
+ 
+ You must also specify what you are looking for and include one of the following:
+ .IP "-d data_unit"
+@@ -29,7 +29,7 @@
+ 
+ .IP "-p par_inode"
+ Finds the unallocated MFT entries in an NTFS image that have the given
+-inode as the parent.  Can be used with '-l and -z'.  
++inode as the parent.  Can be used with '\-l and \-z'.
+ 
+ .PP 
+ There are also several optional arguments:
+@@ -37,12 +37,12 @@
+ Find all meta-data structures (only works when looking with a data_unit).
+ .IP "-f fstype"
+ Specify the file system type.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP "-l"
+-List the details of each file found with '-p', like 'fls -l'.
++List the details of each file found with '\-p', like 'fls \-l'.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -51,16 +51,16 @@
+ Verbose output to stderr.
+ .IP -V
+ Display version.
+-.IP -z ZONE
+-If '-p -l' were given, this will set the timezone for the correct times.
++.IP "-z ZONE"
++If '\-p \-l' were given, this will set the timezone for the correct times.
+ 
+ .SH "EXAMPLES"
+ 
+-# ifind -f fat -d 456 fat-img.dd
++# ifind \-f fat \-d 456 fat-img.dd
+ 
+-# ifind -f linux-ext2 -n "/etc/" linux-img.dd
++# ifind \-f linux-ext2 \-n "/etc/" linux-img.dd
+ 
+-# ifind -f ntfs -p 5 -l -z EST5EDT ntfs-img.dd
++# ifind \-f ntfs \-p 5 \-l \-z EST5EDT ntfs-img.dd
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
+--- a/man/ils.1
++++ b/man/ils.1
+@@ -36,18 +36,18 @@
+ List every inode in the file system.
+ .IP "\fB-f\fI fstype\fR"
+ Specifies the file system type.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP "\fB-s\fI seconds\fR"
+ The time skew of the original system in seconds.  For example, if the
+-original system was 100 seconds slow, this value would be -100. 
++original system was 100 seconds slow, this value would be \-100.
+ .IP \fB-m\fR
+ Display the inode details in the format that the mactime program reads
+ (replaces the ils2mac script from TCT)
+ .IP \fB-O\fR
+ List only inodes of removed files that are still open or executing.
+ This option is short-hand notation for \fB-aL\fR
+-"(see the \fBfine controls\fR section below). (this used to be -o).
++"(see the \fBfine controls\fR section below). (this used to be \-o).
+ .IP \fB-p\fR
+ Display orphan inodes (unallocated with no file name)
+ .IP \fB-r\fR
+@@ -55,7 +55,7 @@
+ for \fB-LZ\fR
+ (see the \fBfine controls\fR section below).
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -65,7 +65,7 @@
+ .IP \fB-V\fR
+ Display Version.
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP "\fIstart-stop\fR"
+ Examine the specified inode number or number range. 
+ .PP
+--- a/man/hfind.1
++++ b/man/hfind.1
+@@ -16,7 +16,7 @@
+ Library (NSRL) and the output of 'md5sum'.  
+ 
+ Before the database can be used by 'hfind', an index file must be created
+-with the '-i' option.  
++with the '\-i' option.
+ 
+ This tool is needed for efficiency.  Most text-based databases do
+ not have fixed length entries and are sometimes not sorted.  The
+@@ -53,7 +53,7 @@
+ uses an index file to perform a binary search for a hash value. This
+ is much faster than using 'grep', which will do a linear search.  Before
+ a hash database is used, a corresponding index file must be created.
+-This is done with the '-i' option to hfind.  
++This is done with the '\-i' option to hfind.
+ 
+ The resulting index file will be named based on the database file name.
+ The name will have the original name following by the hash type (sha1 
+@@ -81,7 +81,7 @@
+ .SH EXAMPLES
+ To create an MD5 index file for NIST NSRL:
+ 
+-	# hfind -i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
++	# hfind \-i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
+ 
+ To lookup a value in the NSRL:
+ 
+@@ -91,10 +91,11 @@
+ 
+ You can even do both SHA-1 and MD5 if you want:
+ 
+-	# hfind -i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
++	# hfind \-i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
+ 
+-	# hfind /usr/local/hash/nsrl/NSRLFile.txt 
+-	76b1f4de1522c20b67acc132937cf82e 80001A80B3F1B80076B297CEE8805AAA04E1B5BA
++	# hfind /usr/local/hash/nsrl/NSRLFile.txt
++	76b1f4de1522c20b67acc132937cf82e
++	80001A80B3F1B80076B297CEE8805AAA04E1B5BA
+ 
+ 	76b1f4de1522c20b67acc132937cf82e  Hash Not Found
+ 
+@@ -104,7 +105,7 @@
+ 
+ 	# md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
+ 
+-	# hfind -i md5sum system.md5
++	# hfind \-i md5sum system.md5
+ 
+ To look entries up, the following will work:
+ 
+@@ -114,7 +115,7 @@
+ 
+ or
+ 
+-	# md5sum -q /bin/* | hfind system.md5
++	# md5sum \-q /bin/* | hfind system.md5
+ 
+ 	928682269cd3edb1acdf9a7f7e606ff2  /bin/bash
+ 
+@@ -122,9 +123,9 @@
+ 
+ or
+ 
+-	# md5sum -q /bin/* > bin.md5
++	# md5sum \-q /bin/* > bin.md5
+ 
+-	# hfind -f bin.md5 system.md5
++	# hfind \-f bin.md5 system.md5
+ 
+ 	928682269cd3edb1acdf9a7f7e606ff2  /bin/bash
+ 
+--- a/man/icat.1
++++ b/man/icat.1
+@@ -21,7 +21,7 @@
+ .SH ARGUMENTS
+ .IP "-f fstype"
+ Specifies the file system type.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP -h
+ Skip over holes in sparse files, so that absolute address information
+@@ -31,7 +31,7 @@
+ .IP -s
+ Include the slack space in the output.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -41,7 +41,7 @@
+ .IP -V
+ Display version
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP inode
+ Inode number. \fBicat\fR concatenates the contents of all specified
+ files.
+--- a/man/blkcalc.1
++++ b/man/blkcalc.1
+@@ -3,8 +3,7 @@
+ blkcalc \- Converts between unallocated disk unit numbers and regular
+ disk unit numbers.  
+ .SH SYNOPSIS
+-.B blkcalc 
+-[-dsu unit_addr] [-vV] [-i imgtype] [-o imgoffset] [-f fstype] image [images]
++.B blkcalc [-dsu unit_addr] [-vV] [-i imgtype] [-o imgoffset] [-f fstype] image [images]
+ .SH DESCRIPTION
+ .B blkcalc
+ creates a disk unit number mapping between two images, one normal and 
+@@ -34,7 +33,7 @@
+ .B -s
+ option is given, then the
+ .B unit_addr
+-value is the disk unit address in the slack image (i.e. from blkls -s).  
++value is the disk unit address in the slack image (i.e. from blkls \-s).
+ The
+ .B image
+ is the full, original image (i.e. from dd).
+@@ -44,11 +43,11 @@
+ in TSK versions prior to 3.0.0.
+ 
+ .IP "-f fstype"
+-Identify the File System type of the image.  
+-Use '-f list' to list the supported file system types.
++Identify the File System type of the image.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -66,7 +65,7 @@
+ better documentation.
+ 
+ .SH EXAMPLE
+-# blkcalc -u 64 images/wd0e  
++# blkcalc \-u 64 images/wd0e
+ 
+ .SH "SEE ALSO"
+ .BR blkls (1),
+--- a/man/blkcat.1
++++ b/man/blkcat.1
+@@ -21,23 +21,23 @@
+ .SH ARGUMENTS
+ .IP -a
+ Display the contents in ASCII
+-.IP -f fstype
++.IP "-f fstype"
+ Specify image as a specific file type.  If 'swap' is given
+ here, the image will be displayed in pages of size 4096 bytes.  If 'raw'
+-is given, then 512-bytes is used as the default size.  The '-u' flag
++is given, then 512-bytes is used as the default size.  The '\-u' flag
+ can change the default size.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP -h  
+ Display the contents in hexdump 
+ .IP -s
+ Display statistics on the image (unit size, file block size,  \
+ and number of fragments).
+-.IP -u unit_size
++.IP "-u unit_size"
+ Specify the size of the default data unit for raw, blkls, and swap 
+ images.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -49,10 +49,10 @@
+ .IP -w  
+ Display the contents in an HTML table format.  
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP unit_addr
+ Address of the disk unit to display.  The size of a unit on this 
+-file system can be determined using the -s option.  
++file system can be determined using the \-s option.
+ .IP num 
+ Number of data units to display.
+ 
+--- a/man/blkls.1
++++ b/man/blkls.1
+@@ -31,16 +31,16 @@
+ .IP -e
+ Copy every block. The output should be similar to dd.
+ .IP -a
+-Display all allocated blocks (same as -e if -A is also given).
++Display all allocated blocks (same as \-e if \-A is also given).
+ .IP -A
+-Display all unallocated blocks (same as -e if -a is also given). This
++Display all unallocated blocks (same as \-e if \-a is also given). This
+ is the default behavior. 
+ .IP "-f fstype"
+ Specifies the file system type.   
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -54,7 +54,7 @@
+ .IP -V
+ Display version.
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP "start-stop ..."
+ Examine the specified block number or number range. 
+ .SH LICENSE
+--- a/man/blkstat.1
++++ b/man/blkstat.1
+@@ -16,10 +16,10 @@
+ 
+ .SH ARGUMENTS
+ .IP "-f fstype"
+-Specify the file system type.  Use '-f list' to list the supported file system types.
++Specify the file system type.  Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split. Use '-i list' to list the supported types.  
++Identify the type of image file, such as raw or split. Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -29,7 +29,7 @@
+ .IP -V
+ Display version
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP addr
+ Address to display stats on.  This is a fragment for UNIX file systems or
+ a sector for FAT.  
+--- a/man/ffind.1
++++ b/man/ffind.1
+@@ -15,7 +15,7 @@
+ 
+ .SH ARGUMENTS
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ .IP inode
+ Integer of inode to find.
+ 
+@@ -26,12 +26,12 @@
+ Find deleted entries only.
+ .IP "-f fstype"
+ Identify the file system type of the image.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP -u
+ Find undeleted entries only.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -48,7 +48,7 @@
+ .BR ifind(1).
+ 
+ .SH EXAMPLE
+-# ffind -a image 212
++# ffind \-a image 212
+ .SH "SEE ALSO"
+ .BR ifind (1)
+ .SH AUTHOR
+--- a/man/fls.1
++++ b/man/fls.1
+@@ -37,7 +37,7 @@
+ Display directory entries only
+ .IP "-f fstype"
+ The type of file system.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP -F  
+ Display file (all non-directory) entries only.  
+@@ -60,10 +60,10 @@
+ follow deleted directories, because it can't. 
+ .IP "-s seconds"
+ The time skew of the original system in seconds.  For example, if the
+-original system was 100 seconds slow, this value would be -100.  This 
+-is only used if -l or -m are given.
++original system was 100 seconds slow, this value would be \-100.  This
++is only used if \-l or \-m are given.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -79,7 +79,7 @@
+ example, EST or GMT.  These strings must be defined by your operating
+ system and may vary.  
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ 
+ .PP
+ Once the inode has been determined, the file can be recovered using
+@@ -94,27 +94,27 @@
+ .SH EXAMPLES
+ To get a list of all files and directories in an image use:
+ 
+-	# fls -r image 2
++	# fls \-r image 2
+ 
+ 	or just (if no inode is specified, the root directory inode is used):
+ 
+-	# fls -r image 
++	# fls \-r image
+ 
+ To get the full path of deleted files in a given directory:
+ 
+-	# fls -d -p image 29
++	# fls \-d \-p image 29
+ 
+ To get the mactime output do:
+ 
+-	# fls -m /usr/local image 2
++	# fls \-m /usr/local image 2
+ 
+ If you have a disk image and the file system starts in sector 63, use:
+ 
+-	# fls -o 63 disk-img.dd 
++	# fls \-o 63 disk-img.dd
+ 
+ If you have a disk image that is split use:
+ 
+-	# fls -i "split" -o 63 disk-1.dd disk-2.dd disk-3.dd
++	# fls \-i "split" \-o 63 disk-1.dd disk-2.dd disk-3.dd
+ 
+ 
+ .SH "SEE ALSO"
+--- a/man/fsstat.1
++++ b/man/fsstat.1
+@@ -23,10 +23,10 @@
+ Print the file system type only. 
+ .IP "-f fstype"
+ Specify the file system type.  
+-Use '-f list' to list the supported file system types.
++Use '\-f list' to list the supported file system types.
+ If not given, autodetection methods are used.
+ .IP "-i imgtype"
+-Identify the type of image file, such as raw or split.  Use '-i list' to list the supported types. 
++Identify the type of image file, such as raw or split.  Use '\-i list' to list the supported types.
+ If not given, autodetection methods are used.
+ .IP "-o imgoffset"
+ The sector offset where the file system starts in the image.  Non-512 byte
+@@ -36,7 +36,7 @@
+ .IP -V
+ Display version
+ .IP "image [images]"
+-One (or more if split) disk or partition images whose format is given with '-i'.
++One (or more if split) disk or partition images whose format is given with '\-i'.
+ 
+ .SH AUTHOR
+ Brian Carrier <carrier at sleuthkit dot org>
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..7ce11f3
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+fix-hyphens-manpages.patch
+fix-hfind-manpage.patch
diff --git a/debian/rules b/debian/rules
index bf49baa..8b2e17f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,8 @@
 # This has to be exported to make some magic below work.
 export DH_OPTIONS
 
+include /usr/share/quilt/quilt.make
+
 # These are used for cross-compiling and for saving the configure script
 # from having to guess our platform (since we know it already)
 DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
@@ -23,18 +25,16 @@ else
 endif
 
 
-clean:
+clean: unpatch
 	dh_testdir
 	dh_testroot
 	rm -f build-stamp build-arch-stamp build-indep-stamp 
 	[ ! -f Makefile ] || $(MAKE) distclean
-	-cat `ls -r debian/patches/*.diff` /dev/null | patch -RENtp1 -r debian/rejected --no-backup-if-mismatch
-	dh_clean config/config.sub config/config.guess debian/rejected debian/*.log
+	dh_clean config/config.sub config/config.guess debian/*.log
 
 
-config.status: configure
+config.status: configure $(QUILT_STAMPFN)
 	dh_testdir
-	-cat debian/patches/*.diff | patch -Ntp1 -r debian/rejected --no-backup-if-mismatch
 	cp -f /usr/share/misc/config.sub /usr/share/misc/config.guess config
 	./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs"
 

-- 
Tools for forensics analysis

More information about the forensics-changes mailing list