[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/

[Sam James]

commit:     ca59d98308f0728b3b7b60d50fa3f244e411c2b1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  1 00:25:20 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct  1 00:25:20 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca59d983

net-misc/openssh: drop useless USE=pie and SSP

We already default to PIE and -fstack-protector-strong in the toolchain,
there's no point in specifying it again here.

Closes: https://bugs.gentoo.org/616380
Closes: https://bugs.gentoo.org/669048
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/openssh/openssh-10.0_p2.ebuild | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net-misc/openssh/openssh-10.0_p2.ebuild 
b/net-misc/openssh/openssh-10.0_p2.ebuild
index 14b86cc3fcf3..32b9143abbf7 100644
--- a/net-misc/openssh/openssh-10.0_p2.ebuild
+++ b/net-misc/openssh/openssh-10.0_p2.ebuild
@@ -28,13 +28,12 @@ LICENSE="BSD GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos 
~x64-macos ~x64-solaris"
 # Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie 
security-key selinux +ssl static test xmss"
+IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam security-key 
selinux +ssl static test xmss"
 
 RESTRICT="!test? ( test )"
 
 REQUIRED_USE="
        ldns? ( ssl )
-       pie? ( !static )
        static? ( !kerberos !pam )
        xmss? ( ssl  )
        test? ( ssl )
@@ -194,14 +193,16 @@ src_configure() {
                #    Clang (bug #872548), ICEs on m68k (bug #920350, gcc 
PR113086,
                #    gcc PR104820, gcc PR104817, gcc PR110934)).
                #
-               # Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use 
AC_CACHE_CHECK,
-               # so we cannot just disable -fzero-call-used-regs=used.
+               # Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use 
AC_CACHE_CHECK
+               # util 10.1_p1, so we cannot just disable 
-fzero-call-used-regs=used.
                #
                # Therefore, just pass --without-hardening, given it doesn't 
negate
                # our already hardened toolchain defaults, and avoids adding 
flags
                # which are known-broken in both Clang and GCC and haven't been
                # proven reliable.
                --without-hardening
+               --without-pie
+               --without-stackprotect
 
                # wtmpdb not yet packaged
                --without-wtmpdb
@@ -211,7 +212,6 @@ src_configure() {
                $(use_with ldns)
                $(use_with libedit)
                $(use_with pam)
-               $(use_with pie)
                $(use_with selinux)
                $(use_with security-key security-key-builtin)
                $(use_with ssl openssl)