This is an auto-filled bug because this package does not respect user's CFLAGS. While SSP is really good for security purpose, I'd expect that with CFLAGS="-fno-stack-protector" the package should not have stack protection. In this case the file /usr/bin/q (and maybe some other file from this package) has stack protection. To check the SSP status you can use: checksec --file /usr/bin/q (from app-admin/checksec) hardening-check /usr/bin/q (from app-admin/hardening-check) readelf -sW /usr/bin/q | grep "__stack_chk_fail"
On Linux, a single Makefile is used, which just honours CFLAGS. I see almost all of my binaries having __stack_chk_fail references, but I don't have -fstack-protector in CFLAGS. Is this really a portage-utils bug, or a toolchain problem?
I'm sorry for the bugspam but this bug comes from a false-positive, more info at https://bugs.gentoo.org/679788#c2