commit: ca59d98308f0728b3b7b60d50fa3f244e411c2b1 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Wed Oct 1 00:25:20 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Oct 1 00:25:20 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca59d983
net-misc/openssh: drop useless USE=pie and SSP We already default to PIE and -fstack-protector-strong in the toolchain, there's no point in specifying it again here. Closes: https://bugs.gentoo.org/616380 Closes: https://bugs.gentoo.org/669048 Signed-off-by: Sam James <sam <AT> gentoo.org> net-misc/openssh/openssh-10.0_p2.ebuild | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net-misc/openssh/openssh-10.0_p2.ebuild b/net-misc/openssh/openssh-10.0_p2.ebuild index 14b86cc3fcf3..32b9143abbf7 100644 --- a/net-misc/openssh/openssh-10.0_p2.ebuild +++ b/net-misc/openssh/openssh-10.0_p2.ebuild @@ -28,13 +28,12 @@ LICENSE="BSD GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" # Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss" +IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam security-key selinux +ssl static test xmss" RESTRICT="!test? ( test )" REQUIRED_USE=" ldns? ( ssl ) - pie? ( !static ) static? ( !kerberos !pam ) xmss? ( ssl ) test? ( ssl ) @@ -194,14 +193,16 @@ src_configure() { # Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086, # gcc PR104820, gcc PR104817, gcc PR110934)). # - # Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK, - # so we cannot just disable -fzero-call-used-regs=used. + # Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK + # util 10.1_p1, so we cannot just disable -fzero-call-used-regs=used. # # Therefore, just pass --without-hardening, given it doesn't negate # our already hardened toolchain defaults, and avoids adding flags # which are known-broken in both Clang and GCC and haven't been # proven reliable. --without-hardening + --without-pie + --without-stackprotect # wtmpdb not yet packaged --without-wtmpdb @@ -211,7 +212,6 @@ src_configure() { $(use_with ldns) $(use_with libedit) $(use_with pam) - $(use_with pie) $(use_with selinux) $(use_with security-key security-key-builtin) $(use_with ssl openssl)
