NetBSD Problem Report #45861

From www@NetBSD.org  Fri Jan 20 14:41:14 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id EA43C63DB0D
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 20 Jan 2012 14:41:13 +0000 (UTC)
Message-Id: <20120120144113.1E07363BD87@www.NetBSD.org>
Date: Fri, 20 Jan 2012 14:41:13 +0000 (UTC)
From: mriedel@umaryland.edu
Reply-To: mriedel@umaryland.edu
To: gnats-bugs@NetBSD.org
Subject: Remove references to /usr/sfw in pkgsrc
X-Send-Pr-Version: www-1.0

>Number:         45861
>Category:       pkg
>Synopsis:       Remove references to /usr/sfw in pkgsrc
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    hans
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Jan 20 14:45:00 +0000 2012
>Last-Modified:  Fri Jan 20 15:28:29 +0000 2012
>Originator:     Matthew Riedel
>Release:        pkgsrc-2011Q4
>Organization:
University of Maryland, Baltimore
>Environment:
SunOS paca 5.10 Generic_147441-09 i86pc i386 i86pc Solaris
>Description:
Starting around 2011Q3 and 2011Q4, pkgsrc started including references to the /usr/sfw branch of software some Solaris machines come installed with.

This is a terrible idea. First, not *all* Solaris installs will have /usr/sfw. Secondly, and most importantly, the software included in /usr/sfw is *ancient*. Even on a recently patched version of Solaris 10, the software in /usr/sfw dates to 2004!

For example:
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2007-5135 CVE-2007-3108 CVE-2008-5077 CVE-2008-7270 CVE-2009-0590 CVE-2009-2409 CVE-2009-3555 CVE-2010-4180)

gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath) (Nov 2004)

./mysql  Ver 12.22 Distrib 4.0.31, for pc-solaris2.10 (i386) (ca. 2007)

One of the primary reasons that Solaris administrators use pkgsrc is to avoid using stuff from /usr/sfw altogether. So to simply re-include it as part of the bootstrap and build processes is counterproductive.


>How-To-Repeat:
Install pkgsrc-2011Q4 on a Solaris 10 system, and try to bootstrap without having it include /usr/sfw
>Fix:
Remove references to /usr/sfw

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->hans
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Fri, 20 Jan 2012 15:28:29 +0000
Responsible-Changed-Why:
Can you please take a look at this?


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.