As it turns out, OpenOffice’s use of an internal copy of libicu requires us all to rebuild it, as libicu was found vulnerable. I think this is a good case in point for not using internal libraries.
Now, looking at it, I’ve seen that it still uses an internal copy of STLport. I haven’t found a copy of STLport itself in portage, but I didn’t look around much; still, I’d think it would be a good idea NOT to use the internal copy if possible. Also, from what I read in the configure.in file in OpenOffice, it’s possible to use GCC’s libstdc++ with GCC 3.4 and later, at the expense of breaking ABI. Not sure what uses OpenOffice’s ABI, but I sincerely wouldn’t care. I don’t need any add-on, I just need OpenOffice from time to time, and I want it to be fast and use as little memory as possible; using libstdc++ would save me from loading another STL copy (I already have it loaded for KDE).
Funnily enough, my previous post only counts two bugs closed: one is the OpenOffice one, because of a security issue; the other was gdb’s readline, which I fixed myself. I admit it’s not really a good count.
As it turns out, Gentoo developers don’t seem to have enough time to handle everything themselves; I’ll be filing upstream bugs for those things at this point, to see if that helps.