Since these emails managed to escape my mail filters and catch my
attention, I'll butt in with my opinion. Apologies if this has been
said already.
Have you considered in-source copies of the modified libraries? Perhaps
as git submodules? If you take full control of building and installing
them, you could either link them statically or install them in a private
directory. Just yesterday I debugged a segfault in icedove which was
caused by the package shipping a custom version of libldap under
/usr/lib/icedove (see [1] for details), so this kind of thing isn't even
unprecedented in Debian.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703857
--
Mikko
