The openoffice-bin package seems to bundle a whole python 2.3.4 in /usr/lib/openoffice/basis3.0/program/python-core-2.3.4/ (for OOo 3.0, it was somewhere else for 2.x), after a quick compare with my system python. Two of those binaries have text relocations, /usr/lib/openoffice/basis3.0/program/python-core-2.3.4/lib/lib-dynload/{_curses,_curses_panel}.so . It does not bode well for hardened Gentoo. Reproducible: Always Steps to Reproduce: 1. emerge openoffice-bin 2. As root (to search everywhere), scanelf -aq -lpR | grep TEXTREL 3. Watch the command results Actual Results: 0444 LE TEXTREL /usr/lib/openoffice/basis3.0/program/python-core-2.3.4/lib/lib-dynload/_curses.so 0444 LE TEXTREL /usr/lib/openoffice/basis3.0/program/python-core-2.3.4/lib/lib-dynload/_curses_panel.so Expected Results: No output from scanelf because OpenOffice uses a properly built system Python. I wonder if it is possible to add an hardened USE flag which would pull only the required source code to bridge the Python and OpenOffice.org without downloading and compiling the whole OpenOffice, which is the point of providing a binary ebuild.
Created attachment 177351 [details] emerge --info
I tried last 2 releases with simple symlink /usr/lib64/python2.6 -> /usr/lib/openoffice/basis3.2/program/python-core-${VERSION_THEY_BUNDLED}/lib And i observed no failitures when using ooo... (just saying)
Messing with the binary package is quite pain and it will need complete overhaul, duping this bug against the bit more recent complain about its bundles. *** This bug has been marked as a duplicate of bug 361695 ***