pkg/45861: Remove references to /usr/sfw in pkgsrc

[mriedel%umaryland.edu@localhost]

>Number:         45861
>Category:       pkg
>Synopsis:       Remove references to /usr/sfw in pkgsrc
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Jan 20 14:45:00 +0000 2012
>Originator:     Matthew Riedel
>Release:        pkgsrc-2011Q4
>Organization:
University of Maryland, Baltimore
>Environment:
SunOS paca 5.10 Generic_147441-09 i86pc i386 i86pc Solaris
>Description:
Starting around 2011Q3 and 2011Q4, pkgsrc started including references to the 
/usr/sfw branch of software some Solaris machines come installed with.

This is a terrible idea. First, not *all* Solaris installs will have /usr/sfw. 
Secondly, and most importantly, the software included in /usr/sfw is *ancient*. 
Even on a recently patched version of Solaris 10, the software in /usr/sfw 
dates to 2004!

For example:
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 
CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 
CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-2409 
CVE-2009-3555 CVE-2010-4180)

gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath) (Nov 2004)

./mysql  Ver 12.22 Distrib 4.0.31, for pc-solaris2.10 (i386) (ca. 2007)

One of the primary reasons that Solaris administrators use pkgsrc is to avoid 
using stuff from /usr/sfw altogether. So to simply re-include it as part of the 
bootstrap and build processes is counterproductive.


>How-To-Repeat:
Install pkgsrc-2011Q4 on a Solaris 10 system, and try to bootstrap without 
having it include /usr/sfw
>Fix:
Remove references to /usr/sfw