New gcc-glibc-nopie branch; build gcc and glibc with PIE switches _off_.

svn path=/; revision=129

62 files changed, 10192 insertions, 0 deletions

diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/Manifest b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/Manifest
new file mode 100644
index 0000000..193299e
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/Manifest
@@ -0,0 +1,16 @@
+AUX eselect-compiler-2.0.0_rc2-bug135688.patch 629 RMD160 be1fd106a4c0786164ad2c0b8419b75081750ced SHA1 60fa40a1877aed95135beab5f72214606790e591 SHA256 8b7d1da1523882cb89971a1148d712096ca40d3ed3402d6776372e4bc991d0b0
+MD5 5345327d24f6f34afc433ac7514f8ff7 files/eselect-compiler-2.0.0_rc2-bug135688.patch 629
+RMD160 be1fd106a4c0786164ad2c0b8419b75081750ced files/eselect-compiler-2.0.0_rc2-bug135688.patch 629
+SHA256 8b7d1da1523882cb89971a1148d712096ca40d3ed3402d6776372e4bc991d0b0 files/eselect-compiler-2.0.0_rc2-bug135688.patch 629
+AUX eselect-compiler-integrate_specs_ccache_distcc.patch 9275 RMD160 46ada19e560d02fd5cbc706d779c6baf61908827 SHA1 429adc2db044dab45144543a1140ea10c2e133fa SHA256 326d1f8f65056c9ae0746bfa57e42c7b7b902de1b0de52d30f38201cc404fe4c
+MD5 b47aa4c65da8ac31a139b7d0a1030ae9 files/eselect-compiler-integrate_specs_ccache_distcc.patch 9275
+RMD160 46ada19e560d02fd5cbc706d779c6baf61908827 files/eselect-compiler-integrate_specs_ccache_distcc.patch 9275
+SHA256 326d1f8f65056c9ae0746bfa57e42c7b7b902de1b0de52d30f38201cc404fe4c files/eselect-compiler-integrate_specs_ccache_distcc.patch 9275
+DIST eselect-compiler-2.0.0_rc2.tar.gz 117489 RMD160 03e6a8aa2d04a2c0b931325213ce224e5dceb7fe SHA1 97084a5a00357247c6158c72047f7254a42501d6 SHA256 fbd953c79e7d74636d16b70324f4f6573a0993d257212f5f6c04fe866d458eb9
+EBUILD eselect-compiler-2.0.0_rc2-r1.ebuild 5330 RMD160 b2790139efc8eaf86ad38e5d54b4ee0e514b8af6 SHA1 e6eecb0d7af85f5f09b00545eac0b7eca34163e6 SHA256 472fd9c00fbac64283e8ab4c6c6e3d5ec8c5c3323b4f2b133c4636f9e07fdb24
+MD5 0467a1bd80b28b19acb0bba0dd861caa eselect-compiler-2.0.0_rc2-r1.ebuild 5330
+RMD160 b2790139efc8eaf86ad38e5d54b4ee0e514b8af6 eselect-compiler-2.0.0_rc2-r1.ebuild 5330
+SHA256 472fd9c00fbac64283e8ab4c6c6e3d5ec8c5c3323b4f2b133c4636f9e07fdb24 eselect-compiler-2.0.0_rc2-r1.ebuild 5330
+MD5 fd67966cee9d0e3df4074312e90890f7 files/digest-eselect-compiler-2.0.0_rc2-r1 280
+RMD160 fd9726bdf30b04feab248c39a251eb2970abd6e0 files/digest-eselect-compiler-2.0.0_rc2-r1 280
+SHA256 bb2674b9c7b6583e433282c764ec02799852867226fec4708f62c60825ecaf43 files/digest-eselect-compiler-2.0.0_rc2-r1 280
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/eselect-compiler-2.0.0_rc2-r1.ebuild b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/eselect-compiler-2.0.0_rc2-r1.ebuild
new file mode 100644
index 0000000..c848ee6
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/eselect-compiler-2.0.0_rc2-r1.ebuild
@@ -0,0 +1,168 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/eselect-compiler/eselect-compiler-2.0.0_rc2-r1.ebuild,v 1.5 2006/09/23 18:56:16 eradicator Exp $
+
+inherit eutils multilib toolchain-funcs
+
+DESCRIPTION="Utility to configure the active toolchain compiler"
+HOMEPAGE="http://www.gentoo.org/"
+
+SRC_URI="mirror://gentoo/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="hardened"
+
+RDEPEND="sys-apps/mktemp"
+
+# We want to verify that compiler profiles exist for our toolchain
+pkg_setup() {
+	# If not a first time install, verify existence of profiles (bug #139016)
+	if [[ -f "${ROOT}/etc/eselect/compiler/selection.conf" ]] ; then
+
+		delete_invalid_profiles
+
+		local abi
+		for abi in $(get_all_abis) ; do
+			local ctarget=$(get_abi_CHOST ${abi})
+			if ! grep -q "^[[:space:]]*ctarget=${ctarget}$" ${ROOT}/etc/eselect/compiler/*.conf ; then
+				eerror "We weren't able to find a valid eselect compiler profile for ${abi}."
+				eerror "Please do the following to re-emerge gcc, then retry emerging"
+				eerror "eselect-compiler:"
+				eerror "# emerge -v --oneshot sys-devel/gcc"
+
+				die "Missing eselect-compiler profile for ${abi}"
+			fi
+		done
+	fi
+}
+
+pkg_postinst() {
+	# For bug #135749
+	cp -f "${ROOT}"/usr/libexec/eselect/compiler/compiler-wrapper "${ROOT}"/lib/cpp
+
+	# Activate the profiles
+	if [[ -f "${ROOT}/etc/eselect/compiler/selection.conf" ]] ; then
+		eselect compiler update
+	elif has_version sys-devel/gcc; then # (bug #139830)
+		ewarn "This looks like the first time you are installing eselect-compiler.  We are"
+		ewarn "activating toolchain profiles for the CTARGETs needed by your portage"
+		ewarn "profile.  You should have profiles installed from compilers that you emerged"
+		ewarn "after October, 2005.  If a compiler you have installed is missing an"
+		ewarn "eselect-compiler profile, you can either re-emerge the compiler, create the"
+		ewarn "profile yourself, or you can migrate profiles from gcc-config-1.x by doing:"
+		ewarn "# eselect compiler migrate"
+		ewarn
+		ewarn "Note that if you use the migration tool, your current profiles will be"
+		ewarn "replaced, so you should backup the data in /etc/eselect/compiler first."
+		echo
+		einfo "The following profiles have been activated.  If an incorrect profile is"
+		einfo "chosen or an error is reported, please use 'eselect compiler set' to"
+		einfo "manually choose it"
+
+		local abi
+		for abi in $(get_all_abis) ; do
+			local ctarget=$(get_abi_CHOST ${abi})
+			local extra_options=""
+
+			if [[ ${abi} == ${DEFAULT_ABI} ]] ; then
+				extra_options="-n"
+			fi
+
+			local spec
+			if use hardened ; then
+				spec="hardened"
+			else
+				spec="vanilla"
+			fi
+
+			local isset=0
+			local tuple
+			for tuple in "${CHOST}" "${CTARGET}" "${ctarget}" ; do
+				local version
+				for version in "$(gcc-fullversion)" ; do
+					local profile
+					for profile in "${abi}-${spec}" "${spec}" "${abi}-default" "default" "${abi}-vanilla" "vanilla" ; do
+						if eselect compiler set ${tuple}-${version}/${profile} ${extra_options} &> /dev/null ; then
+							einfo "${abi}: ${tuple}-${version}/${profile}"
+
+							isset=1
+							break
+						fi
+					done
+					[[ ${isset} == 1 ]] && break
+				done
+				[[ ${isset} == 1 ]] && break
+			done
+
+			if [[ ${isset} == 0 ]] ; then
+				eerror "${abi}: Unable to determine an appropriate profile.  Please set manually."
+			fi
+		done
+	else
+		ewarn "Note; eselect-compiler will not be operational until you install a compiler."
+	fi
+
+	local file
+	local resource_profile=0
+	for file in ${ROOT}/etc/env.d/05gcc* ; do
+		if [[ -f ${file} ]] ; then
+			ewarn "Removing env.d entry which was used by gcc-config:"
+			ewarn "    ${file}"
+
+			rm -f ${file}
+
+			resource_profile=1
+		fi
+	done
+
+	if [[ ${resource_profile} == 1 ]] ; then
+		echo
+		ewarn "You should source /etc/profile in your open shells."
+
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/eselect-compiler-2.0.0_rc2-bug135688.patch
+	# Integrate specs setting into wrapper.
+	epatch ${FILESDIR}/eselect-compiler-integrate_specs_ccache_distcc.patch
+}
+
+src_install() {
+	dodoc README
+	make DESTDIR="${D}" install || die
+
+	doenvd ${FILESDIR}/25eselect-compiler
+
+	# This is installed by sys-devel/gcc-config
+	rm ${D}/usr/bin/gcc-config
+}
+
+# The profiles are protected by CONFIG_PROJECT until eselect-compiler is installed, so we need to clean out
+# the invalid profiles when eselect-compiler is first installed
+delete_invalid_profiles() {
+	# Some toolchain.eclass installed confs had some bugs in them. We
+	# could just use sed to update them, but then portage won't remove
+	# them automatically on unmerge.
+	local file
+	for file in $(grep "^[[:space:]]*chost=" ${ROOT}/etc/eselect/compiler/*.conf | cut -f1 -d:)  ; do
+		rm ${file}
+	done
+	for file in $(grep "^[[:space:]]*spec=" ${ROOT}/etc/eselect/compiler/*.conf | cut -f1 -d:)  ; do
+		rm ${file}
+	done
+
+	# First we need to clean out /etc/eselect/compiler as there may
+	# be some profiles in there which were not unmerged with gcc.
+	local item
+	for item in $(grep "^[[:space:]]*binpath=" ${ROOT}/etc/eselect/compiler/*.conf | sed 's/:.*binpath=/:/') ; do
+		local file=${item%:*}
+		local binpath=${item#*:}
+		[[ -d ${binpath} ]] || rm ${file}
+	done
+}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/digest-eselect-compiler-2.0.0_rc2-r1 b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/digest-eselect-compiler-2.0.0_rc2-r1
new file mode 100644
index 0000000..dbd6601
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/digest-eselect-compiler-2.0.0_rc2-r1
@@ -0,0 +1,3 @@
+MD5 278f76e8542bfc8859759fcd475c54f2 eselect-compiler-2.0.0_rc2.tar.gz 117489
+RMD160 03e6a8aa2d04a2c0b931325213ce224e5dceb7fe eselect-compiler-2.0.0_rc2.tar.gz 117489
+SHA256 fbd953c79e7d74636d16b70324f4f6573a0993d257212f5f6c04fe866d458eb9 eselect-compiler-2.0.0_rc2.tar.gz 117489
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/eselect-compiler-2.0.0_rc2-bug135688.patch b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/eselect-compiler-2.0.0_rc2-bug135688.patch
new file mode 100644
index 0000000..1b5c3e4
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/eselect-compiler-2.0.0_rc2-bug135688.patch
@@ -0,0 +1,13 @@
+Index: compiler.eselect.in
+===================================================================
+--- compiler-config-2.0.0_rc2/src/profile-manager/compiler.eselect.in	(revision 271)
++++ compiler-config-2.0.0_rc2/src/profile-manager/compiler.eselect.in	(working copy)
+@@ -380,7 +380,7 @@
+ 		postopts="${postopts} --native"
+ 	else
+ 		# Figure out what bins are installed for the default CTARGET in case we are or are becoming default
+-		set_v="COMPILER_CONFIG_SET_${COMPILER_CONFIG_DEFAULT_CTARGET}"
++		set_v="COMPILER_CONFIG_SET_${COMPILER_CONFIG_DEFAULT_CTARGET//[-.]/_}"
+ 		if [[ -n ${!set_v} ]] ; then
+ 			oldprofile=${!set_v}
+ 
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/eselect-compiler-integrate_specs_ccache_distcc.patch b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/eselect-compiler-integrate_specs_ccache_distcc.patch
new file mode 100644
index 0000000..01694a9
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/app-admin/eselect-compiler/files/eselect-compiler-integrate_specs_ccache_distcc.patch
@@ -0,0 +1,310 @@
+--- src/compiler-wrapper/compiler-wrapper.c.orig	2006-04-04 11:11:59.000000000 +0200
++++ src/compiler-wrapper/compiler-wrapper.c	2006-04-05 23:46:14.000000000 +0200
+@@ -94,6 +94,13 @@
+ #define MAXPATHLEN 1023
+ #endif
+ 
++#ifndef FALSE
++#define FALSE 0
++#endif
++#ifndef TRUE
++#define TRUE 1
++#endif
++
+ typedef struct {
+ 	/* The CHOST being compiled for.  This is determined by $ABI (deprecated),
+ 	 * the prefix of the executable, the environment ($CHOST), or the default
+@@ -136,19 +143,17 @@
+ 		"-m32", "-m64", "-mabi", NULL
+ 	};
+ 
+-	retargv = argv;
+-
+ 	/* make sure user hasn't specified any ABI flags already ...
+ 	 * if they have, lets just get out of here */
+ 	for (argc = 0; argv[argc]; ++argc)
+ 		for (i = 0; abiFlags[i]; ++i)
+ 			if (!strncmp(argv[argc], abiFlags[i], strlen(abiFlags[i])))
+-				return retargv;
++				return argv;
+ 
+ 	/* Tokenize the flag list and put it into newflags array */
+ 	flagsTokenized = strdup(newFlagsStr);
+ 	if (flagsTokenized == NULL)
+-		return retargv;
++		return argv;
+ 	i = 0;
+ 	newFlags[i] = strtok_r(flagsTokenized, " \t\n", &state);
+ 	while (newFlags[i] != NULL && i < MAX_NEWFLAGS-1)
+@@ -156,6 +161,10 @@
+ 
+ 	/* allocate memory for our spiffy new argv */
+ 	retargv = (char**)calloc(argc + i + 1, sizeof(char*));
++	if (retargv == NULL) {
++		free(flagsTokenized);
++		return argv;
++	}
+ 	/* start building retargv */
+ 	retargv[0] = argv[0];
+ 	/* insert the ABI flags first so cmdline always overrides ABI flags */
+@@ -164,9 +173,152 @@
+ 	if (argc > 1)
+ 		memcpy(retargv+1+i, argv+1, (argc-1) * sizeof(char*));
+ 
++	free(flagsTokenized);
++
++	return retargv;
++}
++
++/** Prepend SPECS to the argv list */
++static char **buildNewArgvSpecs(char **argv, const char *newSpecsStr) {
++#define MAX_NEWSPECS 32
++	char *newSpecs[MAX_NEWSPECS];
++	char **retargv;
++	unsigned int argc;
++	size_t nspecs;
++	char *state, *flagsTokenized;
++	char *spec;
++
++	for (argc = 0; argv[argc]; ++argc);
++
++	/* Tokenize the flag list and put it into newflags array */
++	flagsTokenized = strdup(newSpecsStr);
++	if (flagsTokenized == NULL)
++		return argv;
++	nspecs = 0;
++	for (spec = strtok_r(flagsTokenized, ":", &state);
++		 spec != NULL && nspecs < MAX_NEWSPECS;
++		 spec = strtok_r(NULL, ":", &state)) {
++		newSpecs[nspecs] = (char *)malloc((strlen(spec)+8) * sizeof(char));
++		if (newSpecs[nspecs] == NULL) {
++			free(flagsTokenized);
++			return argv;
++		}
++		snprintf(newSpecs[nspecs], strlen(spec)+8, "-specs=%s", spec);
++		nspecs++;
++	}
++
++	/* allocate memory for our spiffy new argv */
++	retargv = (char**)calloc(argc + nspecs + 1, sizeof(char*));
++	if (retargv == NULL) {
++		free(flagsTokenized);
++		return argv;
++	}
++	/* start building retargv */
++	retargv[0] = argv[0];
++	/* insert the ABI flags first so cmdline always overrides ABI flags */
++	memcpy(retargv+1, newSpecs, nspecs * sizeof(char*));
++	/* copy over the old argv */
++	if (argc > 1)
++		memcpy(retargv+1+nspecs, argv+1, (argc-1) * sizeof(char*));
++
++	free(flagsTokenized);
++
+ 	return retargv;
+ }
+ 
++/** Add path to the environment variable envVar */
++static int addPathToEnv(char *envVar, char *path) {
++	char *envVal;
++	char *newEnvVal;
++
++	envVal = getenv(envVar);
++	if (envVal == NULL) {
++		newEnvVal=strdup(path);
++		if (newEnvVal == NULL)
++			return FALSE;
++	} else {
++		newEnvVal = (char *)malloc((strlen(envVal)+1+strlen(path)+1)*sizeof(char));
++		if (newEnvVal == NULL)
++			return FALSE;
++		snprintf(newEnvVal, strlen(envVal)+1+strlen(path)+1, "%s:%s", envVal,path);
++	}
++	setenv(envVar,newEnvVal,TRUE);
++	return TRUE;
++}
++
++static char **prependArgv(char **argv, char *bin) {
++	int argc;
++	char **newArgv;
++	for (argc=0; argv[argc]; argc++);
++	newArgv = (char**)calloc(argc + 2, sizeof(char*));
++	if (newArgv == NULL)
++		return argv;
++	newArgv[0]=bin;
++	memcpy(newArgv+1,argv,(argc + 1) * sizeof(char *));
++	return newArgv;
++}
++
++/** Return TRUE iff word is in COMPILER_FEATURES and -word is not (last wins) */
++static int inFeatures(char *word) {
++	char *features, *feature;
++	char *state, *featuresTokenised;
++	int on;
++
++	features = getenv("COMPILER_FEATURES");
++	if (features==NULL)
++		return FALSE;
++	featuresTokenised = strdup(features);
++	if (featuresTokenised == NULL)
++		return FALSE;
++	on = FALSE;
++	for (feature = strtok_r(featuresTokenised, " \t\n", &state);
++		 feature != NULL;
++		 feature = strtok_r(NULL, " \t\n", &state)) {
++		if (strcmp(feature,word)==0) {
++			on = TRUE;
++		} else if (word[0]=='-' && strcmp(feature,word+1)==0) {
++			on = FALSE;
++		}
++	}
++	return on;
++}
++
++/** Return TRUE iff distcc is wanted */
++static int distccRequired(void) {
++	return inFeatures("distcc");
++}
++
++/** Return TRUE iff distcc is wanted */
++static int ccacheRequired(void) {
++	return inFeatures("ccache");
++}
++
++/** Set environment variable envVar to environment variable envDir
++ * suffixed with , provided envVar is empty or not defined.
++ * Returns TRUE if the envVar is already set, or if it is
++ * successfully set. */
++static int appendEnv(char *envVar, char *envDir, char *suffix) {
++	char *envVarVal;
++	char *envDirVal;
++	envVarVal = getenv (envVar);
++	if (envVarVal == NULL || strlen(envVarVal)==0) {
++		if (envDir == NULL) {
++			setenv(envVar,suffix,TRUE);
++		} else {
++			envDirVal = getenv(envDir);
++			if (envDirVal == NULL)
++				return FALSE;
++			envVarVal = (char *)malloc((strlen(envDirVal)+strlen(suffix)+1)*sizeof(char));
++			if (envVarVal == NULL)
++				return FALSE;
++			if (snprintf(envVarVal, strlen(envDirVal)+strlen(suffix)+1,"%s%s",envDirVal,suffix) < 0)
++				return FALSE;
++			setenv(envVar,envVarVal,TRUE);
++		}
++	}
++	return TRUE;
++}
++
+ /** Set the ctarget and profile */
+ static void setCtargetAndProfile(WrapperData *data) {
+ 	char tmp[MAXPATHLEN + 1];
+@@ -265,29 +417,26 @@
+ }
+ 
+ int main(int argc, char *argv[]) {
+-	WrapperData *data;
++	WrapperData data;
+ 	char *extraCflags = NULL;
++	char *gcc_specs;
+ 	
+-	data = (WrapperData *)alloca(sizeof(WrapperData));
+-	if(data == NULL)
+-		die("Memory allocation failure.");
+-
+ 	/* Load the config file */
+-	data->selectionConf = loadSelectionConf(CONFIGURATION_DIR, 1);
+-	if(data->selectionConf == NULL)
++	data.selectionConf = loadSelectionConf(CONFIGURATION_DIR, 1);
++	if(data.selectionConf == NULL)
+ 		die("Memory allocation failure.");
+ 
+ 	/* The argv to pass to the forked process.  Defaults to be the same */
+-	data->argv = argv;
++	data.argv = argv;
+ 
+ 	/* Figure out out CTARGET and our Profile */
+-	setCtargetAndProfile(data);
++	setCtargetAndProfile(&data);
+ 
+ 	/* Determine what binary we will be executing */
+-	setExecBinary(data);
++	setExecBinary(&data);
+ 
+ 	/* Do we need to set any additional CFLAGS? */
+-	if(data->selectionConf->useABI && getenv("ABI")) {
++	if(data.selectionConf->useABI && getenv("ABI")) {
+ 		/* This functionality is deprecated and subject to be removed
+ 		 * once all profiles in portage nolonger depend on it.
+ 		 */
+@@ -297,29 +446,60 @@
+ 		if (getenv(envvar))
+ 			extraCflags = getenv(envvar);
+ 	} else {
+-		extraCflags = ((Profile *)hashGet(data->selectionConf->selectionHash, data->ctarget))->cflags;
++		extraCflags = ((Profile *)hashGet(data.selectionConf->selectionHash, data.ctarget))->cflags;
+ 	}
+ 
+ 	if(extraCflags) {
+-		data->argv = buildNewArgv(data->argv, extraCflags);
+-		if(data->argv == NULL)
++		data.argv = buildNewArgv(data.argv, extraCflags);
++		if(data.argv == NULL)
+ 			die("Memory allocation failure.");
+ 	}
+ 
+-	/* Select the appropriate GCC specs file */
+-	if(data->profile->specs && getenv("GCC_SPECS") == NULL)
+-		setenv("GCC_SPECS", data->profile->specs, 1);
++	/* Convert env specs or config specs into arguments
++	 * Env GCC_SPECS is honoured for native compiler only
++	 */
++	gcc_specs = getenv("GCC_SPECS");
++	if (gcc_specs &&
++		strcmp(data.ctarget, data.selectionConf->defaultCtarget) == 0) {
++		data.argv = buildNewArgvSpecs(data.argv, gcc_specs);
++	} else if (data.profile->specs) {
++		data.argv = buildNewArgvSpecs(data.argv, data.profile->specs);
++	}
++	unsetenv("GCC_SPECS");
+ 
+ 	/* Set argv[0] to the correct binary (the full path
+ 	 * of the binary we are executing), else gcc can't
+ 	 * find internal headers
+ 	 * http://bugs.gentoo.org/show_bug.cgi?id=8132
+ 	 */
+-	data->argv[0] = data->execBinary;
++	data.argv[0] = data.execBinary;
++
++	/* Prepend distcc, if enabled.
++	 * Set DISTCC_DIR to PORTAGE_TMPDIR/.distcc if not already set
++	 * Append DISTCC_DIR to SANDBOX_WRITE
++	 * Shuffle argv and set argv[0] to /usr/bin/distcc
++	 */
++	if (distccRequired() &&
++		appendEnv("DISTCC_DIR", "PORTAGE_TMPDIR", "/.distcc") &&
++		addPathToEnv("SANDBOX_WRITE",getenv("DISTCC_DIR"))) {
++		data.argv = prependArgv(data.argv, "/usr/bin/distcc");
++	}
++
++	/* Prepend ccache, if enabled.
++	 * Set CCACHE_DIR to /var/tmp/ccache if not already set
++	 * Append CCACHE_DIR to SANDBOX_WRITE, SANDBOX_READ
++	 * Shuffle argv and set argv[0] to /usr/bin/ccache
++	 */
++	if (ccacheRequired() &&
++		appendEnv("CCACHE_DIR", NULL, "/var/tmp/ccache") &&
++		addPathToEnv("SANDBOX_READ",getenv("CCACHE_DIR")) &&
++		addPathToEnv("SANDBOX_WRITE",getenv("CCACHE_DIR"))) {
++		data.argv = prependArgv(data.argv, "/usr/bin/ccache");
++	}
+ 
+ 	/* Ok, lets exec it. */
+-	if (execv(data->execBinary, data->argv) < 0)
+-		die("Could not run/locate \"%s\"", data->execBinary);
++	if (execv(data.argv[0], data.argv) < 0)
++		die("Could not run/locate \"%s\"", data.argv[0]);
+ 
+ 	return 0;
+ }
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/distfiles/gcc-4.1.1-piepatches-v9.0.6.tar.bz2 b/hardened/toolchain/branches/gcc-glibc-nopie/distfiles/gcc-4.1.1-piepatches-v9.0.6.tar.bz2
new file mode 100644
index 0000000..c73c0dd
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/distfiles/gcc-4.1.1-piepatches-v9.0.6.tar.bz2
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/eclass/flag-o-matic.eclass b/hardened/toolchain/branches/gcc-glibc-nopie/eclass/flag-o-matic.eclass
new file mode 100644
index 0000000..8fd86f7
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/eclass/flag-o-matic.eclass
@@ -0,0 +1,635 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/eclass/flag-o-matic.eclass,v 1.113 2006/11/15 22:46:52 vapier Exp $
+#
+# Maintainer: base-system@gentoo.org
+
+# need access to emktemp()
+inherit eutils toolchain-funcs multilib
+
+#
+#### filter-flags <flags> ####
+# Remove particular flags from C[XX]FLAGS
+# Matches only complete flags
+#
+#### append-flags <flags> ####
+# Add extra flags to your current C[XX]FLAGS
+#
+#### replace-flags <orig.flag> <new.flag> ###
+# Replace a flag by another one
+#
+#### replace-cpu-flags <old.cpus> <new.cpu> ###
+# Replace march/mcpu flags that specify <old.cpus>
+# with flags that specify <new.cpu>
+#
+#### is-flag[q] <flag> ####
+# Returns "true" if flag is set in C[XX]FLAGS
+# Matches only complete a flag
+# q version sets return code but doesn't echo
+#
+#### is-ldflag[q] <flag> ####
+# Returns "true" if flag is set in LDFLAGS
+# Matches only complete a flag
+# q version sets return code but doesn't echo
+#
+#### strip-flags ####
+# Strip C[XX]FLAGS of everything except known
+# good options.
+#
+#### strip-unsupported-flags ####
+# Strip C[XX]FLAGS of any flags not supported by
+# installed version of gcc
+#
+#### get-flag <flag> ####
+# Find and echo the value for a particular flag
+#
+#### replace-sparc64-flags ####
+# Sets mcpu to v8 and uses the original value
+# as mtune if none specified.
+#
+#### filter-mfpmath <math types> ####
+# Remove specified math types from the fpmath specification
+# If the user has -mfpmath=sse,386, running `filter-mfpmath sse`
+# will leave the user with -mfpmath=386
+#
+#### append-ldflags ####
+# Add extra flags to your current LDFLAGS
+#
+#### filter-ldflags <flags> ####
+# Remove particular flags from LDFLAGS
+# Matches only complete flags
+#
+#### bindnow-flags ####
+# Returns the flags to enable "now" binding in the current selected linker.
+#
+################ DEPRECATED functions ################
+# The following are still present to avoid breaking existing
+# code more than necessary; however they are deprecated. Please
+# use gcc-specs-* from toolchain-funcs.eclass instead, if you
+# need to know which hardened techs are active in the compiler.
+# See bug #100974
+#
+#### has_hardened ####
+# Returns true if the compiler has 'Hardened' in its version string,
+# (note; switched-spec vanilla compilers satisfy this condition) or
+# the specs file name contains 'hardened'.
+#
+#### has_pie ####
+# Returns true if the compiler by default or with current CFLAGS
+# builds position-independent code.
+#
+#### has_pic ####
+# Returns true if the compiler by default or with current CFLAGS
+# builds position-independent code.
+#
+#### has_ssp_all ####
+# Returns true if the compiler by default or with current CFLAGS
+# generates stack smash protections for all functions
+#
+#### has_ssp ####
+# Returns true if the compiler by default or with current CFLAGS
+# generates stack smash protections for most vulnerable functions
+#
+
+# C[XX]FLAGS that we allow in strip-flags
+setup-allowed-flags() {
+	if [[ -z ${ALLOWED_FLAGS} ]] ; then
+		export ALLOWED_FLAGS="-pipe"
+		export ALLOWED_FLAGS="${ALLOWED_FLAGS} -O -O0 -O1 -O2 -mcpu -march -mtune"
+		export ALLOWED_FLAGS="${ALLOWED_FLAGS} -fstack-protector -fstack-protector-all"
+		export ALLOWED_FLAGS="${ALLOWED_FLAGS} -fbounds-checking -fno-bounds-checking"
+		export ALLOWED_FLAGS="${ALLOWED_FLAGS} -fno-PIE -fno-pie -fno-unit-at-a-time"
+		export ALLOWED_FLAGS="${ALLOWED_FLAGS} -g -g0 -g1 -g2 -g3 -ggdb -ggdb0 -ggdb1 -ggdb2 -ggdb3"
+		export ALLOWED_FLAGS="${ALLOWED_FLAGS} -fno-ident"
+	fi
+	# allow a bunch of flags that negate features / control ABI
+	ALLOWED_FLAGS="${ALLOWED_FLAGS} -fno-stack-protector -fno-stack-protector-all"
+	ALLOWED_FLAGS="${ALLOWED_FLAGS} -mregparm -mno-app-regs -mapp-regs \
+		-mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow \
+		-mips1 -mips2 -mips3 -mips4 -mips32 -mips64 -mips16 \
+		-msoft-float -mno-soft-float -mhard-float -mno-hard-float -mfpu \
+		-mieee -mieee-with-inexact -mschedule \
+		-mtls-direct-seg-refs -mno-tls-direct-seg-refs \
+		-mflat -mno-flat -mno-faster-structs -mfaster-structs \
+		-m32 -m64 -mabi -mlittle-endian -mbig-endian -EL -EB -fPIC \
+		-mlive-g0 -mcmodel -mstack-bias -mno-stack-bias"
+
+	# C[XX]FLAGS that we are think is ok, but needs testing
+	# NOTE:  currently -Os have issues with gcc3 and K6* arch's
+	export UNSTABLE_FLAGS="-Os -O3 -freorder-blocks"
+	return 0
+}
+
+_manage-hardened() {
+	local newspec=$1
+	[[ -z $2 ]] && die "Internal flag-o-matic error ($*) - please report"
+	if gcc-specs-exists $newspec; then
+		[[ -z ${GCC_SPECS} ]] || newspec=":${newspec}"
+		export GCC_SPECS="${GCC_SPECS}${newspec}"
+	else
+		_raw_append_flag $2
+	fi
+}
+
+# inverted filters for hardened compiler.  This is trying to unpick
+# the hardened compiler defaults.
+_filter-hardened() {
+	local f
+	for f in "$@" ; do
+		case "${f}" in
+			# Ideally we should only concern ourselves with PIE flags,
+			# not -fPIC or -fpic, but too many places filter -fPIC without
+			# thinking about -fPIE.
+			-fPIC|-fpic|-fPIE|-fpie|-Wl,pie|-pie)
+				gcc-specs-pie &&
+					_manage-hardened nopie.specs -nopie ;;
+			-fstack-protector)
+				gcc-specs-ssp &&
+					_manage-hardened nossp.specs -fno-stack-protector ;;
+			-fstack-protector-all)
+				gcc-specs-ssp-to-all &&
+					_manage-hardened nosspall.specs -fno-stack-protector-all ;;
+			-now|-Wl,-z,now)
+				gcc-specs-now &&
+					_manage-hardened noznow.specs -nonow ;;
+			-relro|-Wl,-z,relro)
+				gcc-specs-now &&
+					_manage-hardened nozrelro.specs -norelro ;;
+		esac
+	done
+}
+
+# Remove occurrences of strings from variable given in $1
+# Strings removed are matched as globs, so for example
+# '-O*' would remove -O1, -O2 etc.
+_filter-var() {
+	local f x VAR VAL
+	declare -a new
+
+	VAR=$1
+	shift
+	eval VAL=\${${VAR}}
+	for f in ${VAL}; do
+		for x in "$@"; do
+			# Note this should work with globs like -O*
+			[[ ${f} == ${x} ]] && continue 2
+		done
+		eval new\[\${\#new\[@]}]=\${f}
+	done
+	eval export ${VAR}=\${new\[*]}
+}
+
+filter-flags() {
+	_filter-hardened "$@"
+	_filter-var CFLAGS "$@"
+	_filter-var CXXFLAGS "$@"
+	return 0
+}
+
+filter-lfs-flags() {
+	[[ -n $@ ]] && die "filter-lfs-flags takes no arguments"
+	filter-flags -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
+}
+
+append-lfs-flags() {
+	[[ -n $@ ]] && die "append-lfs-flags takes no arguments"
+	append-flags -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
+}
+
+# Append flag if the compiler doesn't barf it
+_raw_append_flag() {
+	test-flag-CC $1 &&
+		export CFLAGS="${CFLAGS} $1"
+	test-flag-CXX $1 &&
+		export CXXFLAGS="${CXXFLAGS} $1"
+}
+
+# Special case: -fno-stack-protector-all needs special management
+# on hardened gcc-4.
+_append-flag() {
+	[[ -z $1 ]] && return 0
+	case $1 in
+	-fno-stack-protector-all)
+		_manage-hardened nosspall.specs -fno-stack-protector-all ;;
+	*)
+		_raw_append_flag $1
+	esac
+}
+
+append-flags() {
+	local f
+	[[ -z $* ]] && return 0
+	for f in $*; do
+		_append-flag ${f}
+	done
+	return 0
+}
+
+replace-flags() {
+	[[ $# != 2 ]] \
+		&& echo && eerror "Usage: replace-flags <old flag> <new flag>" \
+		&& die "replace-flags takes 2 arguments, not $#"
+
+	local f fset
+	declare -a new_CFLAGS new_CXXFLAGS
+
+	for fset in CFLAGS CXXFLAGS; do
+		# Looping over the flags instead of using a global
+		# substitution ensures that we're working with flag atoms.
+		# Otherwise globs like -O* have the potential to wipe out the
+		# list of flags.
+		for f in ${!fset}; do
+			# Note this should work with globs like -O*
+			[[ ${f} == ${1} ]] && f=${2}
+			eval new_${fset}\[\${\#new_${fset}\[@]}]=\${f}
+		done
+		eval export ${fset}=\${new_${fset}\[*]}
+	done
+
+	return 0
+}
+
+replace-cpu-flags() {
+	local newcpu="$#" ; newcpu="${!newcpu}"
+	while [ $# -gt 1 ] ; do
+		# quote to make sure that no globbing is done (particularly on
+		# ${oldcpu}) prior to calling replace-flags
+		replace-flags "-march=${1}" "-march=${newcpu}"
+		replace-flags "-mcpu=${1}" "-mcpu=${newcpu}"
+		replace-flags "-mtune=${1}" "-mtune=${newcpu}"
+		shift
+	done
+	return 0
+}
+
+_is_flagq() {
+	local x
+	for x in ${!1} ; do
+		[[ ${x} == $2 ]] && return 0
+	done
+	return 1
+}
+
+is-flagq() {
+	[[ -n $2 ]] && die "Usage: is-flag <flag>"
+	_is_flagq CFLAGS $1 || _is_flagq CXXFLAGS $1
+}
+
+is-flag() {
+	is-flagq "$@" && echo true
+}
+
+is-ldflagq() {
+	[[ -n $2 ]] && die "Usage: is-ldflag <flag>"
+	_is_flagq LDFLAGS $1
+}
+
+is-ldflag() {
+	is-ldflagq "$@" && echo true
+}
+
+filter-mfpmath() {
+	local orig_mfpmath new_math prune_math
+
+	# save the original -mfpmath flag
+	orig_mfpmath=$(get-flag -mfpmath)
+	# get the value of the current -mfpmath flag
+	new_math=$(get-flag mfpmath)
+	new_math=" ${new_math//,/ } "
+	# figure out which math values are to be removed
+	prune_math=""
+	for prune_math in "$@" ; do
+		new_math=${new_math/ ${prune_math} / }
+	done
+	new_math=$(echo ${new_math})
+	new_math=${new_math// /,}
+
+	if [[ -z ${new_math} ]] ; then
+		# if we're removing all user specified math values are
+		# slated for removal, then we just filter the flag
+		filter-flags ${orig_mfpmath}
+	else
+		# if we only want to filter some of the user specified
+		# math values, then we replace the current flag
+		replace-flags ${orig_mfpmath} -mfpmath=${new_math}
+	fi
+	return 0
+}
+
+strip-flags() {
+	local x y flag NEW_CFLAGS NEW_CXXFLAGS
+
+	setup-allowed-flags
+
+	local NEW_CFLAGS=""
+	local NEW_CXXFLAGS=""
+
+	# Allow unstable C[XX]FLAGS if we are using unstable profile ...
+	if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then
+		ALLOWED_FLAGS="${ALLOWED_FLAGS} ${UNSTABLE_FLAGS}"
+	fi
+
+	set -f	# disable pathname expansion
+
+	for x in ${CFLAGS}; do
+		for y in ${ALLOWED_FLAGS}; do
+			flag=${x%%=*}
+			if [ "${flag%%${y}}" = "" ] ; then
+				NEW_CFLAGS="${NEW_CFLAGS} ${x}"
+				break
+			fi
+		done
+	done
+
+	for x in ${CXXFLAGS}; do
+		for y in ${ALLOWED_FLAGS}; do
+			flag=${x%%=*}
+			if [ "${flag%%${y}}" = "" ] ; then
+				NEW_CXXFLAGS="${NEW_CXXFLAGS} ${x}"
+				break
+			fi
+		done
+	done
+
+	# In case we filtered out all optimization flags fallback to -O2
+	if [ "${CFLAGS/-O}" != "${CFLAGS}" -a "${NEW_CFLAGS/-O}" = "${NEW_CFLAGS}" ]; then
+		NEW_CFLAGS="${NEW_CFLAGS} -O2"
+	fi
+	if [ "${CXXFLAGS/-O}" != "${CXXFLAGS}" -a "${NEW_CXXFLAGS/-O}" = "${NEW_CXXFLAGS}" ]; then
+		NEW_CXXFLAGS="${NEW_CXXFLAGS} -O2"
+	fi
+
+	set +f	# re-enable pathname expansion
+
+	export CFLAGS="${NEW_CFLAGS}"
+	export CXXFLAGS="${NEW_CXXFLAGS}"
+	return 0
+}
+
+test-flag-PROG() {
+	local comp=$1
+	local flags="$2"
+
+	[[ -z ${comp} || -z ${flags} ]] && \
+		return 1
+
+	local PROG=$(tc-get${comp})
+	${PROG} ${flags} -S -o /dev/null -xc /dev/null \
+		> /dev/null 2>&1
+}
+
+# Returns true if C compiler support given flag
+test-flag-CC() { test-flag-PROG "CC" "$1"; }
+
+# Returns true if C++ compiler support given flag
+test-flag-CXX() { test-flag-PROG "CXX" "$1"; }
+
+test-flags-PROG() {
+	local comp=$1
+	local flags
+	local x
+
+	shift
+
+	[[ -z ${comp} ]] && return 1
+
+	x=""
+	for x in "$@" ; do
+		test-flag-${comp} "${x}" && flags="${flags}${flags:+ }${x}"
+	done
+
+	echo "${flags}"
+
+	# Just bail if we dont have any flags
+	[[ -n ${flags} ]]
+}
+
+# Returns (echo's) the given flags supported by the C compiler
+test-flags-CC() { test-flags-PROG "CC" "$@"; }
+
+# Returns (echo's) the given flags supported by the C++ compiler
+test-flags-CXX() { test-flags-PROG "CXX" "$@"; }
+
+# Short-hand that should hopefully work for both C and C++ compiler, but
+# its really only present due to the append-flags() abomination.
+test-flags() { test-flags-CC "$@"; }
+
+# Depriciated, use test-flags()
+test_flag() {
+	ewarn "test_flag: deprecated, please use test-flags()!" >&2
+
+	test-flags-CC "$@"
+}
+
+test_version_info() {
+	if [[ $($(tc-getCC) --version 2>&1) == *$1* ]]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+strip-unsupported-flags() {
+	export CFLAGS=$(test-flags-CC ${CFLAGS})
+	export CXXFLAGS=$(test-flags-CXX ${CXXFLAGS})
+}
+
+get-flag() {
+	local f findflag="$1"
+
+	# this code looks a little flaky but seems to work for
+	# everything we want ...
+	# for example, if CFLAGS="-march=i686":
+	# `get-flag -march` == "-march=i686"
+	# `get-flag march` == "i686"
+	for f in ${CFLAGS} ${CXXFLAGS} ; do
+		if [ "${f/${findflag}}" != "${f}" ] ; then
+			printf "%s\n" "${f/-${findflag}=}"
+			return 0
+		fi
+	done
+	return 1
+}
+
+# DEPRECATED - use gcc-specs-relro or gcc-specs-now from toolchain-funcs
+has_hardened() {
+	ewarn "has_hardened: deprecated, please use gcc-specs-{relro,now}()!" >&2
+
+	test_version_info Hardened && return 0
+	# The specs file wont exist unless gcc has GCC_SPECS support
+	[[ -f ${GCC_SPECS} && ${GCC_SPECS} != ${GCC_SPECS/hardened/} ]]
+}
+
+# DEPRECATED - use gcc-specs-pie from toolchain-funcs
+# indicate whether PIC is set
+has_pic() {
+	ewarn "has_pic: deprecated, please use gcc-specs-pie()!" >&2
+
+	[[ ${CFLAGS/-fPIC} != ${CFLAGS} || \
+	   ${CFLAGS/-fpic} != ${CFLAGS} ]] || \
+	gcc-specs-pie
+}
+
+# DEPRECATED - use gcc-specs-pie from toolchain-funcs
+# indicate whether PIE is set
+has_pie() {
+	ewarn "has_pie: deprecated, please use gcc-specs-pie()!" >&2
+
+	[[ ${CFLAGS/-fPIE} != ${CFLAGS} || \
+	   ${CFLAGS/-fpie} != ${CFLAGS} ]] || \
+	gcc-specs-pie
+}
+
+# DEPRECATED - use gcc-specs-ssp from toolchain-funcs
+# indicate whether code for SSP is being generated for all functions
+has_ssp_all() {
+	ewarn "has_ssp_all: deprecated, please use gcc-specs-ssp()!" >&2
+
+	# note; this matches only -fstack-protector-all
+	[[ ${CFLAGS/-fstack-protector-all} != ${CFLAGS} || \
+	   -n $(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __SSP_ALL__) ]] || \
+	gcc-specs-ssp-all
+}
+
+# DEPRECATED - use gcc-specs-ssp from toolchain-funcs
+# indicate whether code for SSP is being generated
+has_ssp() {
+	ewarn "has_ssp: deprecated, please use gcc-specs-ssp()!" >&2
+
+	# note; this matches both -fstack-protector and -fstack-protector-all
+	[[ ${CFLAGS/-fstack-protector} != ${CFLAGS} || \
+	   -n $(echo | $(tc-getCC) ${CFLAGS} -E -dM - | grep __SSP__) ]] || \
+	gcc-specs-ssp
+}
+
+has_m64() {
+	# this doesnt test if the flag is accepted, it tests if the flag
+	# actually -WORKS-. non-multilib gcc will take both -m32 and -m64!
+	# please dont replace this function with test_flag in some future
+	# clean-up!
+
+	local temp="$(emktemp)"
+	echo "int main() { return(0); }" > "${temp}".c
+	MY_CC=$(tc-getCC)
+	${MY_CC/ .*/} -m64 -o "$(emktemp)" "${temp}".c > /dev/null 2>&1
+	local ret=$?
+	rm -f "${temp}".c
+	[[ ${ret} != 1 ]] && return 0
+	return 1
+}
+
+has_m32() {
+	# this doesnt test if the flag is accepted, it tests if the flag
+	# actually -WORKS-. non-multilib gcc will take both -m32 and -m64!
+	# please dont replace this function with test_flag in some future
+	# clean-up!
+
+	[ "$(tc-arch)" = "amd64" ] && has_multilib_profile && return 0
+
+	local temp=$(emktemp)
+	echo "int main() { return(0); }" > "${temp}".c
+	MY_CC=$(tc-getCC)
+	${MY_CC/ .*/} -m32 -o "$(emktemp)" "${temp}".c > /dev/null 2>&1
+	local ret=$?
+	rm -f "${temp}".c
+	[[ ${ret} != 1 ]] && return 0
+	return 1
+}
+
+replace-sparc64-flags() {
+	local SPARC64_CPUS="ultrasparc3 ultrasparc v9"
+
+	if [ "${CFLAGS/mtune}" != "${CFLAGS}" ]; then
+		for x in ${SPARC64_CPUS}; do
+			CFLAGS="${CFLAGS/-mcpu=${x}/-mcpu=v8}"
+		done
+	else
+	 	for x in ${SPARC64_CPUS}; do
+			CFLAGS="${CFLAGS/-mcpu=${x}/-mcpu=v8 -mtune=${x}}"
+		done
+	fi
+
+	if [ "${CXXFLAGS/mtune}" != "${CXXFLAGS}" ]; then
+		for x in ${SPARC64_CPUS}; do
+			CXXFLAGS="${CXXFLAGS/-mcpu=${x}/-mcpu=v8}"
+		done
+	else
+	 	for x in ${SPARC64_CPUS}; do
+			CXXFLAGS="${CXXFLAGS/-mcpu=${x}/-mcpu=v8 -mtune=${x}}"
+		done
+	fi
+
+	export CFLAGS CXXFLAGS
+}
+
+append-ldflags() {
+	[[ -z $* ]] && return 0
+	export LDFLAGS="${LDFLAGS} $*"
+	return 0
+}
+
+# Remove flags from LDFLAGS - it's up to the ebuild to filter
+# CFLAGS and CXXFLAGS via filter-flags if they need to.
+filter-ldflags() {
+	_filter-hardened "$@"
+	_filter-var LDFLAGS "$@"
+	return 0
+}
+
+# Turn C style ldflags (-Wl,-foo) into straight ldflags - the results
+# are suitable for passing directly to 'ld'; note LDFLAGS is usually passed
+# to gcc where it needs the '-Wl,'.
+raw-ldflags() {
+	local x input="$@"
+	[[ -z ${input} ]] && input=${LDFLAGS}
+	set --
+	for x in ${input} ; do
+		x=${x#-Wl,}
+		set -- "$@" ${x//,/ }
+	done
+	echo "$@"
+}
+
+# Gets the flags needed for "NOW" binding
+bindnow-flags() {
+	case $($(tc-getLD) -v 2>&1 </dev/null) in
+	*GNU* | *'with BFD'*) # GNU ld
+		echo "-Wl,-z,now" ;;
+	*Apple*) # Darwin ld
+		echo "-bind_at_load" ;;
+	*)
+		# Some linkers just recognize -V instead of -v
+		case $($(tc-getLD) -V 2>&1 </dev/null) in
+			*Solaris*) # Solaris accept almost the same GNU options
+				echo "-Wl,-z,now" ;;
+		esac
+		;;
+	esac
+}
+
+
+# Some tests for when we screw with things and want to make
+# sure we didn't break anything
+#TESTS() {
+#	CFLAGS="-a -b -c=1"
+#	CXXFLAGS="-x -y -z=2"
+#	LDFLAGS="-l -m -n=3"
+#
+#	die() { exit 1; }
+#	(is-flag 1 2 3) && die
+#	(is-ldflag 1 2 3) && die
+#
+#	is-flagq -l && die
+#	is-ldflagq -a && die
+#	is-flagq -a || die
+#	is-flagq -x || die
+#	is-ldflagq -n=* || die
+#	is-ldflagq -n && die
+#
+#	strip-unsupported-flags
+#	[[ ${CFLAGS} == "-c=1" ]] || die
+#	[[ ${CXXFLAGS} == "-y -z=2" ]] || die
+#
+#	echo "All tests pass"
+#}
+#TESTS
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/eclass/toolchain-funcs.eclass b/hardened/toolchain/branches/gcc-glibc-nopie/eclass/toolchain-funcs.eclass
new file mode 100644
index 0000000..676d97d
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/eclass/toolchain-funcs.eclass
@@ -0,0 +1,314 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain-funcs.eclass,v 1.63 2006/12/16 10:31:12 vapier Exp $
+#
+# Author: Toolchain Ninjas <toolchain@gentoo.org>
+#
+# This eclass contains (or should) functions to get common info
+# about the toolchain (libc/compiler/binutils/etc...)
+
+inherit multilib
+
+DESCRIPTION="Based on the ${ECLASS} eclass"
+
+tc-getPROG() {
+	local var=$1
+	local prog=$2
+
+	if [[ -n ${!var} ]] ; then
+		echo "${!var}"
+		return 0
+	fi
+
+	local search=
+	[[ -n $3 ]] && search=$(type -p "$3-${prog}")
+	[[ -z ${search} && -n ${CHOST} ]] && search=$(type -p "${CHOST}-${prog}")
+	[[ -n ${search} ]] && prog=${search##*/}
+
+	export ${var}=${prog}
+	echo "${!var}"
+}
+
+# Returns the name of the archiver
+tc-getAR() { tc-getPROG AR ar "$@"; }
+# Returns the name of the assembler
+tc-getAS() { tc-getPROG AS as "$@"; }
+# Returns the name of the C compiler
+tc-getCC() { tc-getPROG CC gcc "$@"; }
+# Returns the name of the C preprocessor
+tc-getCPP() { tc-getPROG CPP cpp "$@"; }
+# Returns the name of the C++ compiler
+tc-getCXX() { tc-getPROG CXX g++ "$@"; }
+# Returns the name of the linker
+tc-getLD() { tc-getPROG LD ld "$@"; }
+# Returns the name of the strip prog
+tc-getSTRIP() { tc-getPROG STRIP strip "$@"; }
+# Returns the name of the symbol/object thingy
+tc-getNM() { tc-getPROG NM nm "$@"; }
+# Returns the name of the archiver indexer
+tc-getRANLIB() { tc-getPROG RANLIB ranlib "$@"; }
+# Returns the name of the fortran 77 compiler
+tc-getF77() { tc-getPROG F77 f77 "$@"; }
+# Returns the name of the fortran 90 compiler
+tc-getF90() { tc-getPROG F90 gfortran "$@"; }
+# Returns the name of the fortran compiler
+tc-getFORTRAN() { tc-getPROG FORTRAN gfortran "$@"; }
+# Returns the name of the java compiler
+tc-getGCJ() { tc-getPROG GCJ gcj "$@"; }
+
+# Returns the name of the C compiler for build
+tc-getBUILD_CC() {
+	local v
+	for v in CC_FOR_BUILD BUILD_CC HOSTCC ; do
+		if [[ -n ${!v} ]] ; then
+			export BUILD_CC=${!v}
+			echo "${!v}"
+			return 0
+		fi
+	done
+
+	local search=
+	if [[ -n ${CBUILD} ]] ; then
+		search=$(type -p ${CBUILD}-gcc)
+		search=${search##*/}
+	fi
+	search=${search:-gcc}
+
+	export BUILD_CC=${search}
+	echo "${search}"
+}
+
+# Quick way to export a bunch of vars at once
+tc-export() {
+	local var
+	for var in "$@" ; do
+		eval tc-get${var} > /dev/null
+	done
+}
+
+# A simple way to see if we're using a cross-compiler ...
+tc-is-cross-compiler() {
+	return $([[ ${CBUILD:-${CHOST}} != ${CHOST} ]])
+}
+
+
+# Parse information from CBUILD/CHOST/CTARGET rather than
+# use external variables from the profile.
+tc-ninja_magic_to_arch() {
+ninj() { [[ ${type} == "kern" ]] && echo $1 || echo $2 ; }
+
+	local type=$1
+	local host=$2
+	[[ -z ${host} ]] && host=${CTARGET:-${CHOST}}
+
+	case ${host} in
+		alpha*)		echo alpha;;
+		arm*)		echo arm;;
+		bfin*)		ninj blackfin bfin;;
+		cris*)		echo cris;;
+		hppa*)		ninj parisc hppa;;
+		i?86*)		ninj i386 x86;;
+		ia64*)		echo ia64;;
+		m68*)		echo m68k;;
+		mips*)		echo mips;;
+		nios2*)		echo nios2;;
+		nios*)		echo nios;;
+		powerpc*)
+					# Starting with linux-2.6.15, the 'ppc' and 'ppc64' trees
+					# have been unified into simply 'powerpc', but until 2.6.16,
+					# ppc32 is still using ARCH="ppc" as default
+					if [[ $(KV_to_int ${KV}) -ge $(KV_to_int 2.6.16) ]] && [[ ${type} == "kern" ]] ; then
+						echo powerpc
+					elif [[ $(KV_to_int ${KV}) -eq $(KV_to_int 2.6.15) ]] && [[ ${type} == "kern" ]] ; then
+						if [[ ${host} == powerpc64* ]] || [[ ${PROFILE_ARCH} == "ppc64" ]] ; then
+							echo powerpc
+						else
+							echo ppc
+						fi
+					elif [[ ${host} == powerpc64* ]] ; then
+						echo ppc64
+					elif [[ ${PROFILE_ARCH} == "ppc64" ]] ; then
+						ninj ppc64 ppc
+					else
+						echo ppc
+					fi
+					;;
+		s390*)		echo s390;;
+		sh64*)		ninj sh64 sh;;
+		sh*)		echo sh;;
+		sparc64*)	ninj sparc64 sparc;;
+		sparc*)		[[ ${PROFILE_ARCH} == "sparc64" ]] \
+						&& ninj sparc64 sparc \
+						|| echo sparc
+					;;
+		vax*)		echo vax;;
+		x86_64*)	ninj x86_64 amd64;;
+		*)			echo ${ARCH};;
+	esac
+}
+tc-arch-kernel() {
+	tc-ninja_magic_to_arch kern $@
+}
+tc-arch() {
+	tc-ninja_magic_to_arch portage $@
+}
+tc-endian() {
+	local host=$1
+	[[ -z ${host} ]] && host=${CTARGET:-${CHOST}}
+	host=${host%%-*}
+
+	case ${host} in
+		alpha*)		echo big;;
+		arm*b*)		echo big;;
+		arm*)		echo little;;
+		cris*)		echo little;;
+		hppa*)		echo big;;
+		i?86*)		echo little;;
+		ia64*)		echo little;;
+		m68*)		echo big;;
+		mips*l*)	echo little;;
+		mips*)		echo big;;
+		powerpc*)	echo big;;
+		s390*)		echo big;;
+		sh*b*)		echo big;;
+		sh*)		echo little;;
+		sparc*)		echo big;;
+		x86_64*)	echo little;;
+		*)			echo wtf;;
+	esac
+}
+
+# Returns the version as by `$CC -dumpversion`
+gcc-fullversion() {
+	$(tc-getCC "$@") -dumpversion
+}
+# Returns the version, but only the <major>.<minor>
+gcc-version() {
+	gcc-fullversion "$@" | cut -f1,2 -d.
+}
+# Returns the Major version
+gcc-major-version() {
+	gcc-version "$@" | cut -f1 -d.
+}
+# Returns the Minor version
+gcc-minor-version() {
+	gcc-version "$@" | cut -f2 -d.
+}
+# Returns the Micro version
+gcc-micro-version() {
+	gcc-fullversion "$@" | cut -f3 -d. | cut -f1 -d-
+}
+# Returns the installation directory
+gcc-install-dir() {
+	echo "$($(tc-getCC) -print-search-dirs 2> /dev/null |\
+		awk '$1=="install:" {print $2}')"
+}
+# Returns true if the indicated specs file exists
+gcc-specs-exists() {
+	[[ -f $(gcc-install-dir)/$1 ]]
+}
+
+# Returns requested gcc specs directive
+# Note; later specs normally overwrite earlier ones; however if a later
+# spec starts with '+' then it appends.
+# gcc -dumpspecs is parsed first, followed by files listed by "gcc -v"
+# as "Reading <file>", in order.
+gcc-specs-directive() {
+	local cc=$(tc-getCC)
+	local specfiles=$(LC_ALL=C ${cc} -v 2>&1 | awk '$1=="Reading" {print $NF}')
+	${cc} -dumpspecs 2> /dev/null | cat - ${specfiles} | awk -v directive=$1 \
+'BEGIN	{ pspec=""; spec=""; outside=1 }
+$1=="*"directive":"	{ pspec=spec; spec=""; outside=0; next }
+outside || NF==0 || ( substr($1,1,1)=="*" && substr($1,length($1),1)==":" )	{ outside=1; next }
+spec=="" && substr($0,1,1)=="+"	{ spec=pspec " " substr($0,2); next }
+	{ spec=spec $0 }
+END	{ print spec }'
+	return 0
+}
+
+# Returns true if the toolchain sets relro
+gcc-specs-relro() {
+	local directive
+	directive=$(gcc-specs-directive link_relro)
+	[[ -z ${directive} ]] && directive=$(gcc-specs-directive link_command)
+	return $([[ ${directive/\{!norelro:} != ${directive} ]])
+}
+# Returns true if the toolchain sets now
+gcc-specs-now() {
+	local directive
+	directive=$(gcc-specs-directive link_now)
+	[[ -z ${directive} ]] && directive=$(gcc-specs-directive link_command)
+	return $([[ ${directive/\{!nonow:} != ${directive} ]])
+}
+# Returns true if gcc builds PIEs
+gcc-specs-pie() {
+	local directive
+	directive=$(gcc-specs-directive cc1_pie)
+	[[ -z ${directive} ]] && directive=$(gcc-specs-directive cc1)
+	return $([[ ${directive/\{!nopie:} != ${directive} ]])
+}
+# Returns true if gcc builds with the stack protector
+gcc-specs-ssp() {
+	local directive
+	directive=$(gcc-specs-directive cc1_ssp)
+	[[ -z ${directive} ]] && directive=$(gcc-specs-directive cc1)
+	return $([[ ${directive/\{!fno-stack-protector:} != ${directive} ]])
+}
+# Returns true if gcc upgrades fstack-protector to fstack-protector-all
+gcc-specs-ssp-to-all() {
+	local directive
+	gcc-specs-ssp || return 1
+	directive=$(gcc-specs-directive cc1_ssp_all)
+	[[ -z ${directive} ]] && directive=$(gcc-specs-directive cc1)
+	return $([[ ${directive/\{!fno-stack-protector-all:} != ${directive} ]])
+}
+
+
+# This function generate linker scripts in /usr/lib for dynamic
+# libs in /lib.  This is to fix linking problems when you have
+# the .so in /lib, and the .a in /usr/lib.  What happens is that
+# in some cases when linking dynamic, the .a in /usr/lib is used
+# instead of the .so in /lib due to gcc/libtool tweaking ld's
+# library search path.  This cause many builds to fail.
+# See bug #4411 for more info.
+#
+# To use, simply call:
+#
+#   gen_usr_ldscript libfoo.so
+#
+# Note that you should in general use the unversioned name of
+# the library, as ldconfig should usually update it correctly
+# to point to the latest version of the library present.
+_tc_gen_usr_ldscript() {
+	local lib libdir=$(get_libdir) output_format=""
+	# Just make sure it exists
+	dodir /usr/${libdir}
+
+	# OUTPUT_FORMAT gives hints to the linker as to what binary format
+	# is referenced ... makes multilib saner
+	output_format=$($(tc-getCC) ${CFLAGS} ${LDFLAGS} -Wl,--verbose 2>&1 | sed -n 's/^OUTPUT_FORMAT("\([^"]*\)",.*/\1/p')
+	[[ -n ${output_format} ]] && output_format="OUTPUT_FORMAT ( ${output_format} )"
+
+	for lib in "$@" ; do
+		if [[ ${USERLAND} == "Darwin" ]] ; then
+			ewarn "Not creating fake dynamic library for $lib on Darwin;"
+			ewarn "making a symlink instead."
+			dosym "/${libdir}/${lib}" "/usr/${libdir}/${lib}"
+		else
+			cat > "${D}/usr/${libdir}/${lib}" <<-END_LDSCRIPT
+			/* GNU ld script
+			   Since Gentoo has critical dynamic libraries
+			   in /lib, and the static versions in /usr/lib,
+			   we need to have a "fake" dynamic lib in /usr/lib,
+			   otherwise we run into linking problems.
+
+			   See bug http://bugs.gentoo.org/4411 for more info.
+			 */
+			${output_format}
+			GROUP ( /${libdir}/${lib} )
+			END_LDSCRIPT
+		fi
+		fperms a+x "/usr/${libdir}/${lib}" || die "could not change perms on ${lib}"
+	done
+}
+gen_usr_ldscript() { _tc_gen_usr_ldscript "$@" ; }
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/eclass/toolchain.eclass b/hardened/toolchain/branches/gcc-glibc-nopie/eclass/toolchain.eclass
new file mode 100644
index 0000000..4289ba4
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/eclass/toolchain.eclass
@@ -0,0 +1,2548 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.316 2006/11/13 18:57:10 vapier Exp $
+
+HOMEPAGE="http://gcc.gnu.org/"
+LICENSE="GPL-2 LGPL-2.1"
+RESTRICT="nostrip" # cross-compilers need controlled stripping
+
+#---->> eclass stuff <<----
+inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib fixheadtails
+
+EXPORT_FUNCTIONS pkg_setup src_unpack src_compile src_test pkg_preinst src_install pkg_postinst pkg_prerm pkg_postrm
+DESCRIPTION="Based on the ${ECLASS} eclass"
+
+FEATURES=${FEATURES/multilib-strict/}
+
+toolchain_pkg_setup() {
+	gcc_pkg_setup
+}
+toolchain_src_unpack() {
+	gcc_src_unpack
+}
+toolchain_src_compile() {
+	gcc_src_compile
+}
+toolchain_src_test() {
+	gcc_src_test
+}
+toolchain_pkg_preinst() {
+	${ETYPE}_pkg_preinst
+}
+toolchain_src_install() {
+	${ETYPE}_src_install
+}
+toolchain_pkg_postinst() {
+	${ETYPE}_pkg_postinst
+}
+toolchain_pkg_prerm() {
+	${ETYPE}_pkg_prerm
+}
+toolchain_pkg_postrm() {
+	${ETYPE}_pkg_postrm
+}
+#----<< eclass stuff >>----
+
+
+#---->> globals <<----
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} = ${CHOST} ]] ; then
+	if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+		export CTARGET=${CATEGORY/cross-}
+	fi
+fi
+is_crosscompile() {
+	[[ ${CHOST} != ${CTARGET} ]]
+}
+
+tc_version_is_at_least() { version_is_at_least "$1" "${2:-${GCC_PV}}" ; }
+
+
+GCC_PV=${TOOLCHAIN_GCC_PV:-${PV}}
+GCC_PVR=${GCC_PV}
+[[ ${PR} != "r0" ]] && GCC_PVR=${GCC_PVR}-${PR}
+GCC_RELEASE_VER=$(get_version_component_range 1-3 ${GCC_PV})
+GCC_BRANCH_VER=$(get_version_component_range 1-2 ${GCC_PV})
+GCCMAJOR=$(get_version_component_range 1 ${GCC_PV})
+GCCMINOR=$(get_version_component_range 2 ${GCC_PV})
+GCCMICRO=$(get_version_component_range 3 ${GCC_PV})
+[[ ${BRANCH_UPDATE-notset} == "notset" ]] && BRANCH_UPDATE=$(get_version_component_range 4 ${GCC_PV})
+
+# According to gcc/c-cppbuiltin.c, GCC_CONFIG_VER MUST match this regex.
+# ([^0-9]*-)?[0-9]+[.][0-9]+([.][0-9]+)?([- ].*)?
+GCC_CONFIG_VER=${GCC_CONFIG_VER:-$(replace_version_separator 3 '-' ${GCC_PV})}
+
+# Pre-release support
+if [[ ${GCC_PV} != ${GCC_PV/_pre/-} ]] ; then
+	PRERELEASE=${GCC_PV/_pre/-}
+fi
+# make _alpha and _beta ebuilds automatically use a snapshot
+if [[ ${GCC_PV} != ${GCC_PV/_alpha/} ]] ; then
+	SNAPSHOT=${GCC_BRANCH_VER}-${GCC_PV##*_alpha}
+elif [[ ${GCC_PV} != ${GCC_PV/_beta/} ]] ; then
+	SNAPSHOT=${GCC_BRANCH_VER}-${GCC_PV##*_beta}
+fi
+export GCC_FILESDIR=${GCC_FILESDIR:-${FILESDIR}}
+
+if [[ ${ETYPE} == "gcc-library" ]] ; then
+	GCC_VAR_TYPE=${GCC_VAR_TYPE:-non-versioned}
+	GCC_LIB_COMPAT_ONLY=${GCC_LIB_COMPAT_ONLY:-true}
+	GCC_TARGET_NO_MULTILIB=${GCC_TARGET_NO_MULTILIB:-true}
+else
+	GCC_VAR_TYPE=${GCC_VAR_TYPE:-versioned}
+	GCC_LIB_COMPAT_ONLY="false"
+	GCC_TARGET_NO_MULTILIB=${GCC_TARGET_NO_MULTILIB:-false}
+fi
+
+PREFIX=${TOOLCHAIN_PREFIX:-/usr}
+
+if [[ ${GCC_VAR_TYPE} == "versioned" ]] ; then
+	if tc_version_is_at_least 3.4.0 ; then
+		LIBPATH=${TOOLCHAIN_LIBPATH:-${PREFIX}/lib/gcc/${CTARGET}/${GCC_CONFIG_VER}}
+	else
+		LIBPATH=${TOOLCHAIN_LIBPATH:-${PREFIX}/lib/gcc-lib/${CTARGET}/${GCC_CONFIG_VER}}
+	fi
+	LIBEXECPATH=${TOOLCHAIN_LIBEXE:-${PREFIX}/libexec/gcc/${CTARGET}/${GCC_CONFIG_VER}}
+	INCLUDEPATH=${TOOLCHAIN_INCLUDEPATH:-${LIBPATH}/include}
+	if is_crosscompile ; then
+		BINPATH=${TOOLCHAIN_BINPATH:-${PREFIX}/${CHOST}/${CTARGET}/gcc-bin/${GCC_CONFIG_VER}}
+	else
+		BINPATH=${TOOLCHAIN_BINPATH:-${PREFIX}/${CTARGET}/gcc-bin/${GCC_CONFIG_VER}}
+	fi
+	DATAPATH=${TOOLCHAIN_DATAPATH:-${PREFIX}/share/gcc-data/${CTARGET}/${GCC_CONFIG_VER}}
+	# Dont install in /usr/include/g++-v3/, but in gcc internal directory.
+	# We will handle /usr/include/g++-v3/ with gcc-config ...
+	STDCXX_INCDIR=${TOOLCHAIN_STDCXX_INCDIR:-${LIBPATH}/include/g++-v${GCC_BRANCH_VER/\.*/}}
+elif [[ ${GCC_VAR_TYPE} == "non-versioned" ]] ; then
+	# using non-versioned directories to install gcc, like what is currently
+	# done for ppc64 and 3.3.3_pre, is a BAD IDEA. DO NOT do it!! However...
+	# setting up variables for non-versioned directories might be useful for
+	# specific gcc targets, like libffi. Note that we dont override the value
+	# returned by get_libdir here.
+	LIBPATH=${TOOLCHAIN_LIBPATH:-${PREFIX}/$(get_libdir)}
+	LIBEXECPATH=${TOOLCHAIN_LIBEXE:-${PREFIX}/libexec/gcc}
+	INCLUDEPATH=${TOOLCHAIN_INCLUDEPATH:-${PREFIX}/include}
+	BINPATH=${TOOLCHAIN_BINPATH:-${PREFIX}/bin}
+	DATAPATH=${TOOLCHAIN_DATAPATH:-${PREFIX}/share}
+	STDCXX_INCDIR=${TOOLCHAIN_STDCXX_INCDIR:-${PREFIX}/include/g++-v3}
+fi
+
+#----<< globals >>----
+
+
+#---->> SLOT+IUSE logic <<----
+if [[ ${ETYPE} == "gcc-library" ]] ; then
+	IUSE="nls build test"
+	SLOT="${CTARGET}-${SO_VERSION_SLOT:-5}"
+else
+	IUSE="multislot test"
+
+	if [[ ${PN} != "kgcc64" ]] ; then
+		IUSE="${IUSE} altivec build fortran nls nocxx"
+		[[ -n ${PIE_VER}    ]] && IUSE="${IUSE} nopie"
+		[[ -n ${PP_VER}     ]] && IUSE="${IUSE} nossp"
+		[[ -n ${HTB_VER}    ]] && IUSE="${IUSE} boundschecking"
+
+		if version_is_at_least 3 ; then
+			IUSE="${IUSE} bootstrap doc gcj gtk hardened multilib objc vanilla"
+
+			# gcc-{nios2,bfin} don't accept these
+			if [[ ${PN} == "gcc" ]] ; then
+				IUSE="${IUSE} ip28 ip32r10k n32 n64"
+			fi
+
+			# these are features introduced in 4.0
+			if tc_version_is_at_least "4.0" ; then
+				IUSE="${IUSE} objc-gc mudflap"
+
+				if tc_version_is_at_least "4.1" ; then
+					IUSE="${IUSE} objc++"
+				fi
+			fi
+		fi
+	fi
+
+	# Support upgrade paths here or people get pissed
+	if use multislot ; then
+		SLOT="${CTARGET}-${GCC_CONFIG_VER}"
+	elif is_crosscompile; then
+		SLOT="${CTARGET}-${GCC_BRANCH_VER}"
+	else
+		SLOT="${GCC_BRANCH_VER}"
+	fi
+fi
+#----<< SLOT+IUSE logic >>----
+
+
+#---->> S + SRC_URI essentials <<----
+
+# This function sets the source directory depending on whether we're using
+# a prerelease, snapshot, or release tarball. To use it, just set S with:
+#
+#	S="$(gcc_get_s_dir)"
+#
+# Travis Tilley <lv@gentoo.org> (03 Sep 2004)
+#
+gcc_get_s_dir() {
+	if [[ -n ${PRERELEASE} ]] ; then
+		GCC_S=${WORKDIR}/gcc-${PRERELEASE}
+	elif [[ -n ${SNAPSHOT} ]] ; then
+		GCC_S=${WORKDIR}/gcc-${SNAPSHOT}
+	else
+		GCC_S=${WORKDIR}/gcc-${GCC_RELEASE_VER}
+	fi
+
+	echo "${GCC_S}"
+}
+
+# This function handles the basics of setting the SRC_URI for a gcc ebuild.
+# To use, set SRC_URI with:
+#
+#	SRC_URI="$(get_gcc_src_uri)"
+#
+# Other than the variables normally set by portage, this function's behavior
+# can be altered by setting the following:
+#
+#	SNAPSHOT
+#			If set, this variable signals that we should be using a snapshot
+#			of gcc from ftp://sources.redhat.com/pub/gcc/snapshots/. It is
+#			expected to be in the format "YYYY-MM-DD". Note that if the ebuild
+#			has a _pre suffix, this variable is ignored and the prerelease
+#			tarball is used instead.
+#
+#	BRANCH_UPDATE
+#			If set, this variable signals that we should be using the main
+#			release tarball (determined by ebuild version) and applying a
+#			CVS branch update patch against it. The location of this branch
+#			update patch is assumed to be in ${GENTOO_TOOLCHAIN_BASE_URI}.
+#			Just like with SNAPSHOT, this variable is ignored if the ebuild
+#			has a _pre suffix.
+#
+#	PATCH_VER
+#	PATCH_GCC_VER
+#			This should be set to the version of the gentoo patch tarball.
+#			The resulting filename of this tarball will be:
+#			gcc-${PATCH_GCC_VER:-${GCC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2
+#
+#	PIE_VER
+#	PIE_GCC_VER
+#	obsoleted: PIE_CORE
+#			These variables control patching in various updates for the logic
+#			controlling Position Independant Executables. PIE_VER is expected
+#			to be the version of this patch, PIE_GCC_VER the gcc version of
+#			the patch, and PIE_CORE (obsoleted) the actual filename of the patch.
+#			An example:
+#					PIE_VER="8.7.6.5"
+#					PIE_GCC_VER="3.4.0"
+#			The resulting filename of this tarball will be:
+#			gcc-${PIE_GCC_VER:-${GCC_RELEASE_VER}}-piepatches-v${PIE_VER}.tar.bz2
+#				old syntax (do not define PIE_CORE anymore):
+#					PIE_CORE="gcc-3.4.0-piepatches-v${PIE_VER}.tar.bz2"
+#
+#	PP_VER
+#	PP_GCC_VER
+#	obsoleted: PP_FVER
+#			These variables control patching in stack smashing protection
+#			support. They both control the version of ProPolice to download.
+#
+#		PP_VER / PP_GCC_VER
+#			Used to roll our own custom tarballs of ssp.
+#		PP_FVER / PP_VER
+#			Used for mirroring ssp straight from IBM.
+#			PP_VER sets the version of the directory in which to find the
+#			patch, and PP_FVER sets the version of the patch itself. For
+#			example:
+#					PP_VER="3_4"
+#					PP_FVER="${PP_VER//_/.}-2"
+#			would download gcc3_4/protector-3.4-2.tar.gz
+#
+#	HTB_VER
+#	HTB_GCC_VER
+#			These variables control whether or not an ebuild supports Herman
+#			ten Brugge's bounds-checking patches. If you want to use a patch
+#			for an older gcc version with a new gcc, make sure you set
+#			HTB_GCC_VER to that version of gcc.
+#
+#	MAN_VER
+#			The version of gcc for which we will download manpages. This will
+#			default to ${GCC_RELEASE_VER}, but we may not want to pre-generate man pages
+#			for prerelease test ebuilds for example. This allows you to
+#			continue using pre-generated manpages from the last stable release.
+#			If set to "none", this will prevent the downloading of manpages,
+#			which is useful for individual library targets.
+#
+gentoo_urls() {
+	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI
+	HTTP~halcy0n/patches/URI"
+	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}
+	echo mirror://gentoo/$1 ${devspace//URI/$1}
+}
+get_gcc_src_uri() {
+	export PATCH_GCC_VER=${PATCH_GCC_VER:-${GCC_RELEASE_VER}}
+	export UCLIBC_GCC_VER=${UCLIBC_GCC_VER:-${PATCH_GCC_VER}}
+	export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}}
+	export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}}
+	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
+
+	[[ -n ${PIE_VER} ]] && \
+		PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}
+
+	# Set where to download gcc itself depending on whether we're using a
+	# prerelease, snapshot, or release tarball.
+	if [[ -n ${PRERELEASE} ]] ; then
+		GCC_SRC_URI="ftp://gcc.gnu.org/pub/gcc/prerelease-${PRERELEASE}/gcc-${PRERELEASE}.tar.bz2"
+	elif [[ -n ${SNAPSHOT} ]] ; then
+		GCC_SRC_URI="ftp://sources.redhat.com/pub/gcc/snapshots/${SNAPSHOT}/gcc-${SNAPSHOT}.tar.bz2"
+	else
+		GCC_SRC_URI="mirror://gnu/gcc/gcc-${GCC_PV}/gcc-${GCC_RELEASE_VER}.tar.bz2"
+		# we want all branch updates to be against the main release
+		[[ -n ${BRANCH_UPDATE} ]] && \
+			GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${GCC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2)"
+	fi
+
+	# propolice aka stack smashing protection
+	if [[ -n ${PP_VER} ]] ; then
+		if [[ -n ${PP_FVER} ]] ; then
+			GCC_SRC_URI="${GCC_SRC_URI}
+				!nossp? (
+					http://www.research.ibm.com/trl/projects/security/ssp/gcc${PP_VER}/protector-${PP_FVER}.tar.gz
+					$(gentoo_urls protector-${PP_FVER}.tar.gz)
+				)"
+		else
+			GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${PP_GCC_VER}-ssp-${PP_VER}.tar.bz2)"
+		fi
+	fi
+
+	# uclibc lovin
+	[[ -n ${UCLIBC_VER} ]] && \
+		GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2)"
+
+	# PERL cannot be present at bootstrap, and is used to build the man pages.
+	# So... lets include some pre-generated ones, shall we?
+	[[ -n ${MAN_VER} ]] && \
+		GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${MAN_VER}-manpages.tar.bz2)"
+
+	# various gentoo patches
+	[[ -n ${PATCH_VER} ]] && \
+		GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${PATCH_GCC_VER}-patches-${PATCH_VER}.tar.bz2)"
+
+	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)
+	[[ -n ${PIE_VER} ]] && \
+		GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )"
+
+	# gcc bounds checking patch
+	if [[ -n ${HTB_VER} ]] ; then
+		local HTBFILE="bounds-checking-gcc-${HTB_GCC_VER}-${HTB_VER}.patch.bz2"
+		GCC_SRC_URI="${GCC_SRC_URI}
+			boundschecking? (
+				mirror://sourceforge/boundschecking/${HTBFILE}
+				http://web.inter.nl.net/hcc/Haj.Ten.Brugge/${HTBFILE}
+				$(gentoo_urls ${HTBFILE})
+			)"
+	fi
+
+	echo "${GCC_SRC_URI}"
+}
+S=$(gcc_get_s_dir)
+SRC_URI=$(get_gcc_src_uri)
+#---->> S + SRC_URI essentials >>----
+
+
+#---->> support checks <<----
+
+# Grab a variable from the build system (taken from linux-info.eclass)
+get_make_var() {
+	local var=$1 makefile=${2:-${WORKDIR}/build/Makefile}
+	echo -e "e:\\n\\t@echo \$(${var})\\ninclude ${makefile}" | \
+		r=${makefile%/*} emake --no-print-directory -s -f - 2>/dev/null
+}
+XGCC() { get_make_var GCC_FOR_TARGET ; }
+
+# The gentoo piessp patches allow for 3 configurations:
+# 1) PIE+SSP by default
+# 2) PIE by default
+# 3) SSP by default
+hardened_gcc_works() {
+	if [[ $1 == "pie" ]] ; then
+		# $gcc_cv_ld_pie is unreliable as it simply take the output of
+		# `ld --help | grep -- -pie`, that reports the option in all cases, also if
+		# the loader doesn't actually load the resulting executables.
+		# To avoid breakage, blacklist FreeBSD here at least
+		[[ ${CTARGET} == *-freebsd* ]] && return 1
+
+		want_pie || return 1
+		hardened_gcc_is_stable pie && return 0
+		if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then
+			hardened_gcc_check_unsupported pie && return 1
+			ewarn "Allowing pie-by-default for an unstable arch ($(tc-arch))"
+			return 0
+		fi
+		return 1
+	elif [[ $1 == "ssp" ]] ; then
+		want_ssp || return 1
+		hardened_gcc_is_stable ssp && return 0
+		if has ~$(tc-arch) ${ACCEPT_KEYWORDS} ; then
+			hardened_gcc_check_unsupported ssp && return 1
+			ewarn "Allowing ssp-by-default for an unstable arch ($(tc-arch))"
+			return 0
+		fi
+		return 1
+	else
+		# laziness ;)
+		hardened_gcc_works pie || return 1
+		hardened_gcc_works ssp || return 1
+		return 0
+	fi
+}
+
+hardened_gcc_is_stable() {
+	if [[ $1 == "pie" ]] ; then
+		# HARDENED_* variables are deprecated and here for compatibility
+		local tocheck="${HARDENED_PIE_WORKS} ${HARDENED_GCC_WORKS}"
+		if [[ ${CTARGET} == *-uclibc* ]] ; then
+			tocheck="${tocheck} ${PIE_UCLIBC_STABLE}"
+		else
+			tocheck="${tocheck} ${PIE_GLIBC_STABLE}"
+		fi
+	elif [[ $1 == "ssp" ]] ; then
+		# ditto
+		local tocheck="${HARDENED_SSP_WORKS} ${HARDENED_GCC_WORKS}"
+		if [[ ${CTARGET} == *-uclibc* ]] ; then
+			tocheck="${tocheck} ${SSP_UCLIBC_STABLE}"
+		else
+			tocheck="${tocheck} ${SSP_STABLE}"
+		fi
+	else
+		die "hardened_gcc_stable needs to be called with pie or ssp"
+	fi
+
+	hasq $(tc-arch) ${tocheck} && return 0
+	return 1
+}
+
+hardened_gcc_check_unsupported() {
+	local tocheck=""
+	# if a variable is unset, we assume that all archs are unsupported. since
+	# this function is never called if hardened_gcc_is_stable returns true,
+	# this shouldn't cause problems... however, allowing this logic to work
+	# even with the variables unset will break older ebuilds that dont use them.
+	if [[ $1 == "pie" ]] ; then
+		if [[ ${CTARGET} == *-uclibc* ]] ; then
+			[[ -z ${PIE_UCLIBC_UNSUPPORTED} ]] && return 0
+			tocheck="${tocheck} ${PIE_UCLIBC_UNSUPPORTED}"
+		else
+			[[ -z ${PIE_GLIBC_UNSUPPORTED} ]] && return 0
+			tocheck="${tocheck} ${PIE_GLIBC_UNSUPPORTED}"
+		fi
+	elif [[ $1 == "ssp" ]] ; then
+		if [[ ${CTARGET} == *-uclibc* ]] ; then
+			[[ -z ${SSP_UCLIBC_UNSUPPORTED} ]] && return 0
+			tocheck="${tocheck} ${SSP_UCLIBC_UNSUPPORTED}"
+		else
+			[[ -z ${SSP_UNSUPPORTED} ]] && return 0
+			tocheck="${tocheck} ${SSP_UNSUPPORTED}"
+		fi
+	else
+		die "hardened_gcc_check_unsupported needs to be called with pie or ssp"
+	fi
+
+	hasq $(tc-arch) ${tocheck} && return 0
+	return 1
+}
+
+gcc_has_native_ssp() {
+	[[ ${GCCMAJOR} -lt 4 ]] && return 1
+
+	# gcc 4.1 and above have native ssp support
+	tc_version_is_at_least "4.1" && return 0
+
+	# gcc 4.0 might have the gcc 4.1 ssp support backport applied
+	grep -q TARGET_LIBC_PROVIDES_SSP ${S}/gcc/gcc.c
+}
+
+has_libssp() {
+	[[ -e /$(get_libdir)/libssp.so ]] && return 0
+	return 1
+}
+
+want_libssp() {
+	[[ ${GCC_LIBSSP_SUPPORT} == "true" ]] || return 1
+	has_libssp || return 1
+	[[ -n ${PP_VER} ]] || return 1
+	return 0
+}
+
+_want_stuff() {
+	local var=$1 flag=$2
+	[[ -z ${!var} ]] && return 1
+	use ${flag} && return 0
+	return 1
+}
+want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
+want_pie() { _want_stuff PIE_VER !nopie ; }
+want_ssp() { gcc_has_native_ssp || _want_stuff PP_VER !nossp ; }
+want_minispecs() { version_is_at_least "9.0.5" ${PIE_VER} && want_pie ; }
+
+want_split_specs() {
+	[[ ${SPLIT_SPECS} == "true" ]] && want_pie
+}
+
+# This function checks whether or not glibc has the support required to build
+# Position Independant Executables with gcc.
+glibc_have_pie() {
+	if [[ ! -f ${ROOT}/usr/$(get_libdir)/Scrt1.o ]] ; then
+		echo
+		ewarn "Your glibc does not have support for pie, the file Scrt1.o is missing"
+		ewarn "Please update your glibc to a proper version or disable hardened"
+		echo
+		return 1
+	fi
+}
+
+# This function determines whether or not libc has been patched with stack
+# smashing protection support.
+libc_has_ssp() {
+	[[ ${ROOT} != "/" ]] && return 0
+
+	# lib hacks taken from sandbox configure
+	echo 'int main(){}' > "${T}"/libctest.c
+	LC_ALL=C gcc "${T}"/libctest.c -lc -o libctest -Wl,-verbose &> "${T}"/libctest.log || return 1
+	local libc_file=$(awk '/attempt to open/ { if (($4 ~ /\/libc\.so/) && ($5 == "succeeded")) LIBC = $4; }; END {print LIBC}' "${T}"/libctest.log)
+
+	[[ -z ${libc_file} ]] && die "Unable to find a libc !?"
+
+	# Check for gcc-4.x style ssp support
+	if  [[ -n $(readelf -s "${libc_file}" 2>/dev/null | \
+				grep 'FUNC.*GLOBAL.*__stack_chk_fail') ]]
+	then
+		return 0
+	else
+		# Check for gcc-3.x style ssp support
+		if  [[ -n $(readelf -s "${libc_file}" 2>/dev/null | \
+					grep 'OBJECT.*GLOBAL.*__guard') ]] && \
+			[[ -n $(readelf -s "${libc_file}" 2>/dev/null | \
+					grep 'FUNC.*GLOBAL.*__stack_smash_handler') ]]
+		then
+			return 0
+		elif is_crosscompile ; then
+			die "'${libc_file}' was detected w/out ssp, that sucks (a lot)"
+		else
+			return 1
+		fi
+	fi
+}
+
+# This is to make sure we don't accidentally try to enable support for a
+# language that doesnt exist. GCC 3.4 supports f77, while 4.0 supports f95, etc.
+#
+# Also add a hook so special ebuilds (kgcc64) can control which languages
+# exactly get enabled
+gcc-lang-supported() {
+	grep ^language=\"${1}\" "${S}"/gcc/*/config-lang.in > /dev/null || return 1
+	[[ -z ${TOOLCHAIN_ALLOWED_LANGS} ]] && return 0
+	has $1 ${TOOLCHAIN_ALLOWED_LANGS}
+}
+
+#----<< support checks >>----
+
+#---->> specs + env.d logic <<----
+
+# defaults to enable for all hardened toolchains
+gcc_common_hard="-DEFAULT_RELRO -DEFAULT_BIND_NOW"
+
+# configure to build with the hardened GCC specs as the default
+# Legacy code for pre-minispecs compilers.
+make_gcc_hard() {
+	if hardened_gcc_works ; then
+		einfo "Updating gcc to use automatic PIE + SSP building ..."
+		sed -e "s|^HARD_CFLAGS = |HARD_CFLAGS = -DEFAULT_PIE_SSP ${gcc_common_hard} |" \
+			-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
+	elif hardened_gcc_works pie ; then
+		einfo "Updating gcc to use automatic PIE building ..."
+		ewarn "SSP has not been enabled by default"
+		sed -e "s|^HARD_CFLAGS = |HARD_CFLAGS = -DEFAULT_PIE ${gcc_common_hard} |" \
+			-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
+	elif hardened_gcc_works ssp ; then
+		einfo "Updating gcc to use automatic SSP building ..."
+		ewarn "PIE has not been enabled by default"
+		sed -e "s|^HARD_CFLAGS = |HARD_CFLAGS = -DEFAULT_SSP ${gcc_common_hard} |" \
+			-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
+	else
+		# do nothing if hardened isnt supported, but dont die either
+		ewarn "hardened is not supported for this arch in this gcc version"
+		ebeep
+		return 0
+	fi
+
+	# rebrand to make bug reports easier
+	release_version="${release_version/Gentoo/Gentoo Hardened}"
+}
+
+# now we generate different spec files so that the user can select a compiler
+# that enforces certain features in gcc itself and so we don't have to worry
+# about a certain package ignoring CFLAGS/LDFLAGS
+_create_specs_file() {
+	# Usage: _create_specs_file <USE flag> <specs name> <CFLAGS>
+	local uflag=$1 name=$2 flags=${*:3}
+	ebegin "Creating a ${name} gcc specs file"
+	if want_minispecs ; then
+		concat_minispecs ${name}.specs "${WORKDIR}"/build ${name}.specs
+	else
+		pushd "${WORKDIR}"/build/gcc > /dev/null
+		if [[ -z ${uflag} ]] || use ${uflag} ; then
+			# backup the compiler first
+			cp Makefile Makefile.orig
+			sed -i -e '/^HARD_CFLAGS/s:=.*:='"${flags}"':' Makefile
+			mv xgcc xgcc.foo
+			mv gcc.o gcc.o.foo
+			emake -s xgcc
+			$(XGCC) -dumpspecs > "${WORKDIR}"/build/${name}.specs
+			# restore everything to normal
+			mv gcc.o.foo gcc.o
+			mv xgcc.foo xgcc
+			mv Makefile.orig Makefile
+		else
+			$(XGCC) -dumpspecs > "${WORKDIR}"/build/${name}.specs
+		fi
+		popd > /dev/null
+	fi
+	eend $([[ -s ${WORKDIR}/build/${name}.specs ]] ; echo $?)
+}
+create_vanilla_specs_file()          { _create_specs_file hardened vanilla ; }
+create_hardened_specs_file()         { _create_specs_file !hardened hardened  ${gcc_common_hard} -DEFAULT_PIE_SSP ; }
+create_hardenednossp_specs_file()    { _create_specs_file "" hardenednossp    ${gcc_common_hard} -DEFAULT_PIE ; }
+create_hardenednopie_specs_file()    { _create_specs_file "" hardenednopie    ${gcc_common_hard} -DEFAULT_SSP ; }
+create_hardenednopiessp_specs_file() { _create_specs_file "" hardenednopiessp ${gcc_common_hard} ; }
+
+split_out_specs_files() {
+	local s spec_list="hardenednopiessp vanilla"
+	if hardened_gcc_works ; then
+		spec_list="${spec_list} hardened hardenednossp hardenednopie"
+	elif hardened_gcc_works pie ; then
+		spec_list="${spec_list} hardenednossp"
+	elif hardened_gcc_works ssp ; then
+		spec_list="${spec_list} hardenednopie"
+	fi
+	for s in ${spec_list} ; do
+		create_${s}_specs_file || return 1
+	done
+}
+
+create_gcc_env_entry() {
+	dodir /etc/env.d/gcc
+	local gcc_envd_base="/etc/env.d/gcc/${CTARGET}-${GCC_CONFIG_VER}"
+
+	if [[ -z $1 ]] ; then
+		gcc_envd_file="${D}${gcc_envd_base}"
+		# I'm leaving the following commented out to remind me that it
+		# was an insanely -bad- idea. Stuff broke. GCC_SPECS isnt unset
+		# on chroot or in non-toolchain.eclass gcc ebuilds!
+		#gcc_specs_file="${LIBPATH}/specs"
+		gcc_specs_file=""
+	else
+		gcc_envd_file="${D}${gcc_envd_base}-$1"
+		gcc_specs_file="${LIBPATH}/$1.specs"
+	fi
+
+	echo "PATH=\"${BINPATH}\"" > ${gcc_envd_file}
+	echo "ROOTPATH=\"${BINPATH}\"" >> ${gcc_envd_file}
+
+	if use multilib && ! has_multilib_profile; then
+		LDPATH="${LIBPATH}"
+		for path in 32 64 ; do
+			[[ -d ${LIBPATH}/${path} ]] && LDPATH="${LDPATH}:${LIBPATH}/${path}"
+		done
+	else
+		local MULTIDIR
+		LDPATH="${LIBPATH}"
+
+		# We want to list the default ABI's LIBPATH first so libtool
+		# searches that directory first.  This is a temporary
+		# workaround for libtool being stupid and using .la's from
+		# conflicting ABIs by using the first one in the search path
+
+		local abi=${DEFAULT_ABI}
+		local MULTIDIR=$($(XGCC) $(get_abi_CFLAGS ${abi}) --print-multi-directory)
+		if [[ ${MULTIDIR} == "." ]] ; then
+			LDPATH=${LIBPATH}
+		else
+			LDPATH=${LIBPATH}/${MULTIDIR}
+		fi
+
+		for abi in $(get_all_abis) ; do
+			[[ ${abi} == ${DEFAULT_ABI} ]] && continue
+
+			MULTIDIR=$($(XGCC) $(get_abi_CFLAGS ${abi}) --print-multi-directory)
+			if [[ ${MULTIDIR} == "." ]] ; then
+				LDPATH=${LDPATH}:${LIBPATH}
+			else
+				LDPATH=${LDPATH}:${LIBPATH}/${MULTIDIR}
+			fi
+		done
+	fi
+
+	echo "LDPATH=\"${LDPATH}\"" >> ${gcc_envd_file}
+
+	local mbits
+	CC=$(XGCC) has_m32 && mbits="${mbits:+${mbits} }32"
+	CC=$(XGCC) has_m64 && mbits="${mbits:+${mbits} }64"
+	echo "GCCBITS=\"${mbits}\"" >> ${gcc_envd_file}
+
+	echo "MANPATH=\"${DATAPATH}/man\"" >> ${gcc_envd_file}
+	echo "INFOPATH=\"${DATAPATH}/info\"" >> ${gcc_envd_file}
+	echo "STDCXX_INCDIR=\"${STDCXX_INCDIR##*/}\"" >> ${gcc_envd_file}
+
+	is_crosscompile && echo "CTARGET=${CTARGET}" >> ${gcc_envd_file}
+
+	# Set which specs file to use
+	[[ -n ${gcc_specs_file} ]] && echo "GCC_SPECS=\"${gcc_specs_file}\"" >> ${gcc_envd_file}
+}
+
+add_profile_eselect_conf() {
+	local compiler_config_file=$1
+	local abi=$2
+	local specs=$3
+	local gcc_specs_file
+	local var
+
+	if [[ -z ${specs} ]] ; then
+		# I'm leaving the following commented out to remind me that it
+		# was an insanely -bad- idea. Stuff broke. GCC_SPECS isnt unset
+		# on chroot or in non-toolchain.eclass gcc ebuilds!
+		#gcc_specs_file="${LIBPATH}/specs"
+		gcc_specs_file=""
+
+		if use hardened ; then
+			specs="hardened"
+		else
+			specs="vanilla"
+		fi
+	else
+		gcc_specs_file="${LIBPATH}/${specs}.specs"
+	fi
+
+	echo >> ${compiler_config_file}
+	if ! is_multilib ; then
+		echo "[${specs}]" >> ${compiler_config_file}
+		echo "	ctarget=${CTARGET}" >> ${compiler_config_file}
+	else
+		echo "[${abi}-${specs}]" >> ${compiler_config_file}
+		var="CTARGET_${abi}"
+		if [[ -n ${!var} ]] ; then
+			echo "	ctarget=${!var}" >> ${compiler_config_file}
+		else
+			var="CHOST_${abi}"
+			if [[ -n ${!var} ]] ; then
+				echo "	ctarget=${!var}" >> ${compiler_config_file}
+			else
+				echo "	ctarget=${CTARGET}" >> ${compiler_config_file}
+			fi
+		fi
+	fi
+
+	local MULTIDIR=$($(XGCC) $(get_abi_CFLAGS ${abi}) --print-multi-directory)
+	local LDPATH=${LIBPATH}
+	if [[ ${MULTIDIR} != "." ]] ; then
+		LDPATH="${LIBPATH}/${MULTIDIR}"
+	fi
+
+	echo "	ldpath=${LDPATH}" >> ${compiler_config_file}
+
+	if [[ -n ${gcc_specs_file} ]] ; then
+		echo "	specs=${gcc_specs_file}" >> ${compiler_config_file}
+	fi
+
+	var="CFLAGS_${abi}"
+	if [[ -n ${!var} ]] ; then
+		echo "	cflags=${!var}" >> ${compiler_config_file}
+	fi
+}
+
+create_eselect_conf() {
+	local config_dir="/etc/eselect/compiler"
+	local compiler_config_file="${D}/${config_dir}/${CTARGET}-${GCC_CONFIG_VER}.conf"
+	local abi
+
+	dodir ${config_dir}
+
+	echo "[global]" > ${compiler_config_file}
+	echo "	version=${CTARGET}-${GCC_CONFIG_VER}" >> ${compiler_config_file}
+	echo "	binpath=${BINPATH}" >> ${compiler_config_file}
+	echo "	manpath=${DATAPATH}/man" >> ${compiler_config_file}
+	echo "	infopath=${DATAPATH}/info" >> ${compiler_config_file}
+	echo "	alias_cc=gcc" >> ${compiler_config_file}
+	echo "	stdcxx_incdir=${STDCXX_INCDIR##*/}" >> ${compiler_config_file}
+	echo "	bin_prefix=${CTARGET}" >> ${compiler_config_file}
+
+	# Per spyderous, it is best not to alias the fortran compilers
+	#if [[ -x "${D}/${BINPATH}/${CTARGET}-g77" ]] ; then
+	#	echo "	alias_gfortran=g77" >> ${compiler_config_file}
+	#elif [[ -x "${D}/${BINPATH}/${CTARGET}-gfortran" ]] ; then
+	#	echo "	alias_g77=gfortran" >> ${compiler_config_file}
+	#fi
+
+	for abi in $(get_all_abis) ; do
+		add_profile_eselect_conf "${compiler_config_file}" "${abi}"
+
+		if want_split_specs ; then
+			if use hardened ; then
+				add_profile_eselect_conf "${compiler_config_file}" "${abi}" vanilla
+			elif hardened_gcc_works ; then
+				add_profile_eselect_conf "${compiler_config_file}" "${abi}" hardened
+			fi
+
+			hardened_gcc_works pie &&
+				add_profile_eselect_conf "${compiler_config_file}" "${abi}" hardenednossp
+
+			hardened_gcc_works ssp &&
+				add_profile_eselect_conf "${compiler_config_file}" "${abi}" hardenednopie
+
+			add_profile_eselect_conf "${compiler_config_file}" "${abi}" hardenednopiessp
+		fi
+	done
+}
+
+# concat_minispecs <source spec name> <destination directory> <destination spec name>
+concat_minispecs() {
+	local entry spec newspec
+	newspec="$2/$3"
+	while read entry; do
+		spec=${entry/\%include <}
+		if [[ ${spec} == ${entry} ]]; then
+			printf "%s\n" "$entry" >> ${newspec}
+		else
+			spec=${spec/>}
+			cat "${GCC_FILESDIR}"/specs/${spec} >> ${newspec} ||
+				die "Failed to include microspec ${spec} from $1"
+			cp -f "${GCC_FILESDIR}"/specs/${spec} $2
+		fi
+	done < ${GCC_FILESDIR}/specs/${1}
+}
+
+#----<< specs + env.d logic >>----
+
+#---->> pkg_* <<----
+gcc_pkg_setup() {
+	[[ -z ${ETYPE} ]] && die "Your ebuild needs to set the ETYPE variable"
+
+	# Building a fully hardened compiler with a compiler that doesn't generate
+	# PIEs by default causes conflicts between normal and PIE objects generated
+	# at various stages in the build process.  All stages of the build process
+	# must build the same type of objects.
+	if use hardened && ! gcc-specs-pie; then
+		eerror "You have requested USE=hardened, but you are not using a hardened (PIE)"
+		eerror "spec compiler.  Select a hardened-pie-spec compiler with gcc-config,"
+		eerror "and try again.  If you do not have a hardened-spec compiler (see the"
+		eerror "output of gcc-config -l), emerge with USE='-hardened' first, then select"
+		eerror "the hardened-spec compiler and emerge again with USE=hardened."
+		die "You must build full hardened compilers with hardened-spec compilers"
+	fi
+	# The situation is similar when trying to build a non-hardened compiler with a
+	# hardened compiler.
+	if gcc-specs-pie && ! use hardened; then
+		eerror "You have requested a non-hardened compiler, but you are using a hardened"
+		eerror "compiler to do so, which is inadvisable.  If you really want to build a"
+		eerror "non-hardened compiler, switch to the vanilla compiler with gcc-config"
+		eerror "first."
+		die "You must build non-hardened compilers with vanilla-spec compilers."
+	fi
+
+	if [[ ( $(tc-arch) == "amd64" || $(tc-arch) == "ppc64" ) && ( ${LD_PRELOAD} == "/lib/libsandbox.so" || ${LD_PRELOAD} == "/usr/lib/libsandbox.so" ) ]] && is_multilib ; then
+		eerror "Sandbox in your installed portage does not support compilation."
+		eerror "of a multilib gcc.  Please set FEATURES=-sandbox and try again."
+		eerror "After you have a multilib gcc, re-emerge portage to have a working sandbox."
+		die "No 32bit sandbox.  Retry with FEATURES=-sandbox."
+	fi
+
+	if [[ ${ETYPE} == "gcc-compiler" ]] ; then
+		case $(tc-arch) in
+		mips)
+			# Must compile for mips64-linux target if we want n32/n64 support
+			case "${CTARGET}" in
+				mips64*) ;;
+				*)
+					if use n32 || use n64; then
+						eerror "n32/n64 can only be used when target host is mips64*-*-linux-*";
+						die "Invalid USE flags for CTARGET ($CTARGET)";
+					fi
+				;;
+			esac
+
+			#cannot have both n32 & n64 without multilib
+			if use n32 && use n64 && ! is_multilib; then
+				eerror "Please enable multilib if you want to use both n32 & n64";
+				die "Invalid USE flag combination";
+			fi
+		;;
+		esac
+
+		# Setup variables which would normally be in the profile
+		if is_crosscompile ; then
+			multilib_env ${CTARGET}
+			if ! use multilib ; then
+				MULTILIB_ABIS=${DEFAULT_ABI}
+			fi
+		fi
+
+		# we dont want to use the installed compiler's specs to build gcc!
+		unset GCC_SPECS
+	fi
+
+	want_libssp && libc_has_ssp && \
+		die "libssp cannot be used with a glibc that has been patched to provide ssp symbols"
+}
+
+gcc-compiler_pkg_preinst() {
+	:
+}
+
+gcc-compiler_pkg_postinst() {
+	export LD_LIBRARY_PATH=${LIBPATH}:${LD_LIBRARY_PATH}
+
+	if has_version 'app-admin/eselect-compiler' ; then
+		do_eselect_compiler
+	else
+		do_gcc_config
+	fi
+
+	if ! is_crosscompile ; then
+		echo
+		ewarn "If you have issues with packages unable to locate libstdc++.la,"
+		ewarn "then try running 'fix_libtool_files.sh' on the old gcc versions."
+		echo
+	fi
+
+	# If our gcc-config version doesn't like '-' in it's version string,
+	# tell our users that gcc-config will yell at them, but it's all good.
+	if ! has_version '>=sys-devel/gcc-config-1.3.10-r1' && [[ ${GCC_CONFIG_VER/-/} != ${GCC_CONFIG_VER} ]] ; then
+		ewarn "Your version of gcc-config will issue about having an invalid profile"
+		ewarn "when switching to this profile.  It is safe to ignore this warning,"
+		ewarn "and this problem has been corrected in >=sys-devel/gcc-config-1.3.10-r1."
+	fi
+
+	if ! is_crosscompile && ! use multislot && [[ ${GCCMAJOR}.${GCCMINOR} == 3.4 ]] ; then
+		echo
+		ewarn "You should make sure to rebuild all your C++ packages when"
+		ewarn "upgrading between different versions of gcc.  For example,"
+		ewarn "when moving to gcc-3.4 from gcc-3.3, emerge gentoolkit and run:"
+		ewarn "  # revdep-rebuild --library libstdc++.so.5"
+		echo
+		ewarn "For more information on the steps to take when upgrading "
+		ewarn "from gcc-3.3 please refer to: "
+		ewarn "http://www.gentoo.org/doc/en/gcc-upgrading.xml"
+		echo
+	fi
+
+	if ! is_crosscompile ; then
+		# hack to prevent collisions between SLOT
+		[[ ! -d ${ROOT}/lib/rcscripts/awk ]] \
+			&& mkdir -p "${ROOT}"/lib/rcscripts/awk
+		[[ ! -d ${ROOT}/sbin ]] \
+			&& mkdir -p "${ROOT}"/sbin
+		cp "${ROOT}/${DATAPATH}"/fixlafiles.awk "${ROOT}"/lib/rcscripts/awk/ || die "installing fixlafiles.awk"
+		cp "${ROOT}/${DATAPATH}"/fix_libtool_files.sh "${ROOT}"/sbin/ || die "installing fix_libtool_files.sh"
+
+		# Since these aren't critical files and portage sucks with
+		# handling of binpkgs, don't require these to be found
+		for x in "${ROOT}/${DATAPATH}"/c{89,99} ; do
+			if [[ -e ${x} ]]; then
+				cp ${x} "${ROOT}"/usr/bin/ || die "installing c89/c99"
+			fi
+		done
+	fi
+}
+
+gcc-compiler_pkg_prerm() {
+	# Don't let these files be uninstalled #87647
+	touch -c "${ROOT}"/sbin/fix_libtool_files.sh \
+		"${ROOT}"/lib/rcscripts/awk/fixlafiles.awk
+}
+
+gcc-compiler_pkg_postrm() {
+	# to make our lives easier (and saner), we do the fix_libtool stuff here.
+	# rather than checking SLOT's and trying in upgrade paths, we just see if
+	# the common libstdc++.la exists in the ${LIBPATH} of the gcc that we are
+	# unmerging.  if it does, that means this was a simple re-emerge.
+
+	# clean up the cruft left behind by cross-compilers
+	if is_crosscompile ; then
+		if [[ -z $(ls "${ROOT}"/etc/env.d/gcc/${CTARGET}* 2>/dev/null) ]] ; then
+			rm -f "${ROOT}"/etc/env.d/gcc/config-${CTARGET}
+			rm -f "${ROOT}"/etc/env.d/??gcc-${CTARGET}
+			rm -f "${ROOT}"/usr/bin/${CTARGET}-{gcc,{g,c}++}{,32,64}
+		fi
+		return 0
+	fi
+
+	# ROOT isnt handled by the script
+	[[ ${ROOT} != "/" ]] && return 0
+
+	if [[ ! -e ${LIBPATH}/libstdc++.so ]] ; then
+		einfo "Running 'fix_libtool_files.sh ${GCC_RELEASE_VER}'"
+		/sbin/fix_libtool_files.sh ${GCC_RELEASE_VER}
+		if [[ -n ${BRANCH_UPDATE} ]] ; then
+			einfo "Running 'fix_libtool_files.sh ${GCC_RELEASE_VER}-${BRANCH_UPDATE}'"
+			/sbin/fix_libtool_files.sh ${GCC_RELEASE_VER}-${BRANCH_UPDATE}
+		fi
+	fi
+
+	return 0
+}
+
+#---->> pkg_* <<----
+
+#---->> src_* <<----
+
+# generic GCC src_unpack, to be called from the ebuild's src_unpack.
+# BIG NOTE regarding hardened support: ebuilds with support for hardened are
+# expected to export the following variable:
+#
+#	HARDENED_GCC_WORKS
+#			This variable should be set to the archs on which hardened should
+#			be allowed. For example: HARDENED_GCC_WORKS="x86 sparc amd64"
+#			This allows for additional archs to be supported by hardened when
+#			ready.
+#
+# Travis Tilley <lv@gentoo.org> (03 Sep 2004)
+#
+gcc-compiler_src_unpack() {
+	# fail if using pie patches, building hardened, and glibc doesnt have
+	# the necessary support
+	want_pie && use hardened && glibc_have_pie
+
+	if use hardened && ! want_minispecs ; then
+		einfo "updating configuration to build hardened GCC, old-style"
+		make_gcc_hard || die "failed to make gcc hard"
+	fi
+}
+gcc-library_src_unpack() {
+	:
+}
+guess_patch_type_in_dir() {
+	[[ -n $(ls "$1"/*.bz2 2>/dev/null) ]] \
+		&& EPATCH_SUFFIX="patch.bz2" \
+		|| EPATCH_SUFFIX="patch"
+}
+do_gcc_rename_java_bins() {
+	# bug #139918 - conflict between gcc and java-config-2 for ownership of
+	# /usr/bin/rmi{c,registry}.  Done with mv & sed rather than a patch
+	# because patches would be large (thanks to the rename of man files),
+	# and it's clear from the sed invocations that all that changes is the
+	# rmi{c,registry} names to grmi{c,registry} names.
+	# Kevin F. Quinn 2006-07-12
+	einfo "Renaming jdk executables rmic and rmiregistry to grmic and grmiregistry."
+	# 1) Move the man files if present (missing prior to gcc-3.4)
+	for manfile in rmic rmiregistry; do
+		[[ -f ${S}/gcc/doc/${manfile}.1 ]] || continue
+		mv ${S}/gcc/doc/${manfile}.1 ${S}/gcc/doc/g${manfile}.1
+	done
+	# 2) Fixup references in the docs if present (mission prior to gcc-3.4)
+	for jfile in gcc/doc/gcj.info gcc/doc/grmic.1 gcc/doc/grmiregistry.1 gcc/java/gcj.texi; do
+		[[ -f ${S}/${jfile} ]] || continue
+		sed -i -e 's:rmiregistry:grmiregistry:g' ${S}/${jfile} ||
+			die "Failed to fixup file ${jfile} for rename to grmiregistry"
+		sed -i -e 's:rmic:grmic:g' ${S}/${jfile} ||
+			die "Failed to fixup file ${jfile} for rename to grmic"
+	done
+	# 3) Fixup Makefiles to build the changed executable names
+	#    These are present in all 3.x versions, and are the important bit
+	#    to get gcc to build with the new names.
+	for jfile in libjava/Makefile.am libjava/Makefile.in gcc/java/Make-lang.in; do
+		sed -i -e 's:rmiregistry:grmiregistry:g' ${S}/${jfile} ||
+			die "Failed to fixup file ${jfile} for rename to grmiregistry"
+		# Careful with rmic on these files; it's also the name of a directory
+		# which should be left unchanged.  Replace occurrences of 'rmic$',
+		# 'rmic_' and 'rmic '.
+		sed -i -e 's:rmic\([$_ ]\):grmic\1:g' ${S}/${jfile} ||
+			die "Failed to fixup file ${jfile} for rename to grmic"
+	done
+}
+gcc_src_unpack() {
+	local release_version="Gentoo ${GCC_PVR}"
+
+	[[ -z ${UCLIBC_VER} ]] && [[ ${CTARGET} == *-uclibc* ]] && die "Sorry, this version does not support uClibc"
+
+	gcc_quick_unpack
+	exclude_gcc_patches
+
+	cd ${S:=$(gcc_get_s_dir)}
+
+	if ! use vanilla ; then
+		if [[ -n ${PATCH_VER} ]] ; then
+			guess_patch_type_in_dir "${WORKDIR}"/patch
+			EPATCH_MULTI_MSG="Applying Gentoo patches ..." \
+			epatch "${WORKDIR}"/patch
+		fi
+		if [[ -n ${UCLIBC_VER} ]] ; then
+			guess_patch_type_in_dir "${WORKDIR}"/uclibc
+			EPATCH_MULTI_MSG="Applying uClibc patches ..." \
+			epatch "${WORKDIR}"/uclibc
+		fi
+	fi
+	do_gcc_HTB_patches
+	do_gcc_SSP_patches
+	do_gcc_PIE_patches
+
+	${ETYPE}_src_unpack || die "failed to ${ETYPE}_src_unpack"
+
+	# protoize don't build on FreeBSD, skip it
+	if ! is_crosscompile && ! use elibc_FreeBSD ; then
+		# enable protoize / unprotoize
+		sed -i -e '/^LANGUAGES =/s:$: proto:' "${S}"/gcc/Makefile.in
+	fi
+
+	fix_files=""
+	for x in contrib/test_summary libstdc++-v3/scripts/check_survey.in ; do
+		[[ -e ${x} ]] && fix_files="${fix_files} ${x}"
+	done
+	ht_fix_file ${fix_files} */configure *.sh */Makefile.in
+
+	if ! is_crosscompile && is_multilib && \
+	   [[ ( $(tc-arch) == "amd64" || $(tc-arch) == "ppc64" ) && -z ${SKIP_MULTILIB_HACK} ]] ; then
+		disgusting_gcc_multilib_HACK || die "multilib hack failed"
+	fi
+
+	local version_string=${GCC_CONFIG_VER}
+
+	# Backwards support... add the BRANCH_UPDATE for 3.3.5-r1 and 3.4.3-r1
+	# which set it directly rather than using ${GCC_PV}
+	if [[ ${GCC_PVR} == "3.3.5-r1" || ${GCC_PVR} = "3.4.3-r1" ]] ; then
+		 version_string="${version_string} ${BRANCH_UPDATE}"
+	fi
+
+
+	einfo "patching gcc version: ${version_string} (${release_version})"
+	gcc_version_patch "${version_string}" "${release_version}"
+
+	if [[ ${GCCMAJOR}.${GCCMINOR} > 4.0 ]] ; then
+		if [[ -n ${SNAPSHOT} || -n ${PRERELEASE} ]] ; then
+			echo ${PV/_/-} > "${S}"/gcc/BASE-VER
+			echo "" > "${S}"/gcc/DATESTAMP
+		fi
+	fi
+
+	# Misdesign in libstdc++ (Redhat)
+	if [[ ${GCCMAJOR} -ge 3 ]] && [[ -e ${S}/libstdc++-v3/config/cpu/i486/atomicity.h ]] ; then
+		cp -pPR "${S}"/libstdc++-v3/config/cpu/i{4,3}86/atomicity.h
+	fi
+
+	# disable --as-needed from being compiled into gcc specs
+	# natively when using a gcc version < 3.4.4
+	# http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14992
+	if [[ ${GCCMAJOR} < 3 ]] || \
+	   [[ ${GCCMAJOR}.${GCCMINOR} < 3.4 ]] || \
+	   [[ ${GCCMAJOR}.${GCCMINOR}.${GCCMICRO} < 3.4.4 ]]
+	then
+		sed -i -e s/HAVE_LD_AS_NEEDED/USE_LD_AS_NEEDED/g "${S}"/gcc/config.in
+	fi
+
+	# In gcc 3.3.x and 3.4.x, rename the java bins to gcc-specific names
+	# in line with gcc-4.
+	if [[ ${GCCMAJOR} == 3 ]] &&
+	   [[ ${GCCMINOR} -ge 3 ]]
+	then
+		do_gcc_rename_java_bins
+	fi
+
+	# Fixup libtool to correctly generate .la files with portage
+	cd "${S}"
+	elibtoolize --portage --shallow --no-uclibc
+
+	gnuconfig_update
+
+	# update configure files
+	local f
+	einfo "Fixing misc issues in configure files"
+	for f in $(grep -l 'autoconf version 2.13' $(find "${S}" -name configure)) ; do
+		ebegin "  Updating ${f/${S}\/}"
+		patch "${f}" "${GCC_FILESDIR}"/gcc-configure-LANG.patch >& "${T}"/configure-patch.log \
+			|| eerror "Please file a bug about this"
+		eend $?
+	done
+
+	einfo "Touching generated files"
+	./contrib/gcc_update --touch | \
+		while read f ; do
+			einfo "  ${f%%...}"
+		done
+
+	disable_multilib_libjava || die "failed to disable multilib java"
+}
+
+gcc-library-configure() {
+	# multilib support
+	[[ ${GCC_TARGET_NO_MULTILIB} == "true" ]] \
+		&& confgcc="${confgcc} --disable-multilib" \
+		|| confgcc="${confgcc} --enable-multilib"
+}
+
+gcc-compiler-configure() {
+	# multilib support
+	if is_multilib ; then
+		confgcc="${confgcc} --enable-multilib"
+	elif [[ ${CTARGET} == *-linux* ]] ; then
+		confgcc="${confgcc} --disable-multilib"
+	fi
+
+	if tc_version_is_at_least "4.0" ; then
+		confgcc="${confgcc} $(use_enable mudflap libmudflap)"
+
+		if want_libssp ; then
+			confgcc="${confgcc} --enable-libssp"
+		else
+			export gcc_cv_libc_provides_ssp=yes
+			confgcc="${confgcc} --disable-libssp"
+		fi
+	fi
+
+	# GTK+ is preferred over xlib in 3.4.x (xlib is unmaintained
+	# right now). Much thanks to <csm@gnu.org> for the heads up.
+	# Travis Tilley <lv@gentoo.org>  (11 Jul 2004)
+	if ! is_gcj ; then
+		confgcc="${confgcc} --disable-libgcj"
+	elif use gtk ; then
+		confgcc="${confgcc} --enable-java-awt=gtk"
+	fi
+
+	case $(tc-arch) in
+		# Add --with-abi flags to set default MIPS ABI
+		mips)
+		local mips_abi=""
+		use n64 && mips_abi="--with-abi=64"
+		use n32 && mips_abi="--with-abi=n32"
+		[[ -n ${mips_abi} ]] && confgcc="${confgcc} ${mips_abi}"
+		;;
+		# Enable sjlj exceptions for backward compatibility on hppa
+		hppa)
+			[[ ${GCC_PV:0:1} == "3" ]] && \
+			confgcc="${confgcc} --enable-sjlj-exceptions"
+		;;
+	esac
+
+	GCC_LANG="c"
+	is_cxx && GCC_LANG="${GCC_LANG},c++"
+	is_gcj && GCC_LANG="${GCC_LANG},java"
+	if is_objc || is_objcxx ; then
+		GCC_LANG="${GCC_LANG},objc"
+		use objc-gc && confgcc="${confgcc} --enable-objc-gc"
+		is_objcxx && GCC_LANG="${GCC_LANG},obj-c++"
+	fi
+
+	# fortran support just got sillier! the lang value can be f77 for
+	# fortran77, f95 for fortran95, or just plain old fortran for the
+	# currently supported standard depending on gcc version.
+	is_fortran && GCC_LANG="${GCC_LANG},fortran"
+	is_f77 && GCC_LANG="${GCC_LANG},f77"
+	is_f95 && GCC_LANG="${GCC_LANG},f95"
+
+	# We do NOT want 'ADA support' in here!
+	# is_ada && GCC_LANG="${GCC_LANG},ada"
+
+	einfo "configuring for GCC_LANG: ${GCC_LANG}"
+}
+
+# Other than the variables described for gcc_setup_variables, the following
+# will alter tha behavior of gcc_do_configure:
+#
+#	CTARGET
+#	CBUILD
+#			Enable building for a target that differs from CHOST
+#
+#	GCC_TARGET_NO_MULTILIB
+#			Disable multilib. Useful when building single library targets.
+#
+#	GCC_LANG
+#			Enable support for ${GCC_LANG} languages. defaults to just "c"
+#
+# Travis Tilley <lv@gentoo.org> (04 Sep 2004)
+#
+gcc_do_configure() {
+	local confgcc
+
+	# Set configuration based on path variables
+	confgcc="${confgcc} \
+		--prefix=${PREFIX} \
+		--bindir=${BINPATH} \
+		--includedir=${INCLUDEPATH} \
+		--datadir=${DATAPATH} \
+		--mandir=${DATAPATH}/man \
+		--infodir=${DATAPATH}/info \
+		--with-gxx-include-dir=${STDCXX_INCDIR}"
+
+	# All our cross-compile logic goes here !  woo !
+	confgcc="${confgcc} --host=${CHOST}"
+	if is_crosscompile || tc-is-cross-compiler ; then
+		# Straight from the GCC install doc:
+		# "GCC has code to correctly determine the correct value for target
+		# for nearly all native systems. Therefore, we highly recommend you
+		# not provide a configure target when configuring a native compiler."
+		confgcc="${confgcc} --target=${CTARGET}"
+	fi
+	[[ -n ${CBUILD} ]] && confgcc="${confgcc} --build=${CBUILD}"
+
+	# ppc altivec support
+	confgcc="${confgcc} $(use_enable altivec)"
+
+	[[ ${CTARGET//_/-} == *-softfloat-* ]] && confgcc="${confgcc} --with-float=soft"
+
+	# Native Language Support
+	if use nls && ! use build ; then
+		confgcc="${confgcc} --enable-nls --without-included-gettext"
+	else
+		confgcc="${confgcc} --disable-nls"
+	fi
+
+	# reasonably sane globals (hopefully)
+	# --disable-libunwind-exceptions needed till unwind sections get fixed. see ps.m for details
+	confgcc="${confgcc} \
+		--with-system-zlib \
+		--disable-checking \
+		--disable-werror \
+		--disable-libunwind-exceptions"
+
+	# etype specific configuration
+	einfo "running ${ETYPE}-configure"
+	${ETYPE}-configure || die
+
+	# if not specified, assume we are building for a target that only
+	# requires C support
+	GCC_LANG=${GCC_LANG:-c}
+	confgcc="${confgcc} --enable-languages=${GCC_LANG}"
+
+	if is_crosscompile ; then
+		# When building a stage1 cross-compiler (just C compiler), we have to
+		# disable a bunch of features or gcc goes boom
+		local needed_libc=""
+		case ${CTARGET} in
+			*-linux)    needed_libc=no-fucking-clue;;
+			*-dietlibc) needed_libc=dietlibc;;
+			*-freebsd*) needed_libc=freebsd-lib;;
+			*-gnu*)     needed_libc=glibc;;
+			*-klibc)    needed_libc=klibc;;
+			*-uclibc*)  needed_libc=uclibc;;
+			mingw*)     needed_libc=mingw-runtime;;
+			avr)        confgcc="${confgcc} --enable-shared --disable-threads";;
+		esac
+		if [[ -n ${needed_libc} ]] ; then
+			if ! has_version ${CATEGORY}/${needed_libc} ; then
+				confgcc="${confgcc} --disable-shared --disable-threads --without-headers"
+			elif built_with_use ${CATEGORY}/${needed_libc} crosscompile_opts_headers-only ; then
+				confgcc="${confgcc} --disable-shared --with-sysroot=${PREFIX}/${CTARGET}"
+			else
+				confgcc="${confgcc} --with-sysroot=${PREFIX}/${CTARGET}"
+			fi
+		fi
+
+		if [[ ${GCCMAJOR}.${GCCMINOR} > 4.1 ]] ; then
+			confgcc="${confgcc} --disable-bootstrap"
+		fi
+	elif [[ ${CHOST} != mingw* ]] ; then
+		confgcc="${confgcc} --enable-shared --enable-threads=posix"
+
+		if [[ ${GCCMAJOR}.${GCCMINOR} > 4.1 ]] ; then
+			confgcc="${confgcc} --enable-bootstrap"
+		fi
+	fi
+	# __cxa_atexit is "essential for fully standards-compliant handling of
+	# destructors", but apparently requires glibc.
+	# --enable-sjlj-exceptions : currently the unwind stuff seems to work
+	# for statically linked apps but not dynamic
+	# so use setjmp/longjmp exceptions by default
+	if [[ ${CTARGET} == *-uclibc* ]] ; then
+		[[ ${GCCMAJOR} < 4 ]] && confgcc="${confgcc} --enable-sjlj-exceptions"
+		confgcc="${confgcc} --enable-__cxa_atexit --enable-target-optspace"
+		[[ ${GCCMAJOR}.${GCCMINOR} == 3.3 ]] && \
+			confgcc="${confgcc} --enable-sjlj-exceptions"
+	elif [[ ${CTARGET} == *-gnu* ]] ; then
+		confgcc="${confgcc} --enable-__cxa_atexit"
+	fi
+	[[ ${CTARGET} == *-gnu* ]] && confgcc="${confgcc} --enable-clocale=gnu"
+	[[ ${CTARGET} == *-uclibc* ]] && [[ ${GCCMAJOR}.${GCCMINOR} > 3.3 ]] \
+		&& confgcc="${confgcc} --enable-clocale=uclibc"
+
+	# Nothing wrong with a good dose of verbosity
+	echo
+	einfo "PREFIX:          ${PREFIX}"
+	einfo "BINPATH:         ${BINPATH}"
+	einfo "LIBPATH:         ${LIBPATH}"
+	einfo "DATAPATH:        ${DATAPATH}"
+	einfo "STDCXX_INCDIR:   ${STDCXX_INCDIR}"
+	echo
+	einfo "Configuring GCC with: ${confgcc//--/\n\t--} ${@} ${EXTRA_ECONF}"
+	echo
+
+	if ! ( use build || use nocxx ) && [[ ${CTARGET} == *-uclibc* ]] ; then
+		pushd ${S}/libstdc++-v3
+		[[ ${GCCMAJOR}.${GCCMINOR} < 3.4 ]] && autoconf
+		popd
+	fi
+
+	# Build in a separate build tree
+	mkdir -p "${WORKDIR}"/build
+	pushd "${WORKDIR}"/build > /dev/null
+
+	# and now to do the actual configuration
+	addwrite /dev/zero
+	"${S}"/configure ${confgcc} $@ ${EXTRA_ECONF} \
+		|| die "failed to run configure"
+
+	# return to whatever directory we were in before
+	popd > /dev/null
+}
+
+# This function accepts one optional argument, the make target to be used.
+# If ommitted, gcc_do_make will try to guess whether it should use all,
+# profiledbootstrap, or bootstrap-lean depending on CTARGET and arch. An
+# example of how to use this function:
+#
+#	gcc_do_make all-target-libstdc++-v3
+#
+# In addition to the target to be used, the following variables alter the
+# behavior of this function:
+#
+#	LDFLAGS
+#			Flags to pass to ld
+#
+#	STAGE1_CFLAGS
+#			CFLAGS to use during stage1 of a gcc bootstrap
+#
+#	BOOT_CFLAGS
+#			CFLAGS to use during stages 2+3 of a gcc bootstrap.
+#
+# Travis Tilley <lv@gentoo.org> (04 Sep 2004)
+#
+gcc_do_make() {
+	# Fix for libtool-portage.patch
+	local OLDS=${S}
+	S=${WORKDIR}/build
+
+	# Set make target to $1 if passed
+	[[ -n $1 ]] && GCC_MAKE_TARGET=$1
+	# default target
+	if is_crosscompile || tc-is-cross-compiler ; then
+		# 3 stage bootstrapping doesnt quite work when you cant run the
+		# resulting binaries natively ^^;
+		GCC_MAKE_TARGET=${GCC_MAKE_TARGET-all}
+	elif [[ $(tc-arch) == "x86" || $(tc-arch) == "amd64" || $(tc-arch) == "ppc64" ]] \
+	 	&& [[ ${GCCMAJOR}.${GCCMINOR} > 3.3 ]]
+	then
+		GCC_MAKE_TARGET=${GCC_MAKE_TARGET-profiledbootstrap}
+	else
+		GCC_MAKE_TARGET=${GCC_MAKE_TARGET-bootstrap-lean}
+	fi
+
+	# the gcc docs state that parallel make isnt supported for the
+	# profiledbootstrap target, as collisions in profile collecting may occur.
+	[[ ${GCC_MAKE_TARGET} == "profiledbootstrap" ]] && export MAKEOPTS="${MAKEOPTS} -j1"
+
+	# boundschecking seems to introduce parallel build issues
+	want_boundschecking && export MAKEOPTS="${MAKEOPTS} -j1"
+
+	if [[ ${GCC_MAKE_TARGET} == "all" ]] ; then
+		STAGE1_CFLAGS=${STAGE1_CFLAGS-"${CFLAGS}"}
+	elif [[ $(gcc-version) == "3.4" && ${GCC_BRANCH_VER} == "3.4" ]] && gcc-specs-ssp ; then
+		# See bug #79852
+		STAGE1_CFLAGS=${STAGE1_CFLAGS-"-O2"}
+	else
+		STAGE1_CFLAGS=${STAGE1_CFLAGS-"-O"}
+	fi
+	gcc-specs-pie && STAGE1_CFLAGS="${STAGE1_CFLAGS} -fno-PIE"
+
+	if is_crosscompile; then
+		# In 3.4, BOOT_CFLAGS is never used on a crosscompile...
+		# but I'll leave this in anyways as someone might have had
+		# some reason for putting it in here... --eradicator
+		BOOT_CFLAGS=${BOOT_CFLAGS-"-O2"}
+	else
+		# we only want to use the system's CFLAGS if not building a
+		# cross-compiler.
+		BOOT_CFLAGS=${BOOT_CFLAGS-"$(get_abi_CFLAGS) ${CFLAGS}"}
+	fi
+
+	pushd "${WORKDIR}"/build
+	einfo "Running make LDFLAGS=\"${LDFLAGS}\" STAGE1_CFLAGS=\"${STAGE1_CFLAGS}\" LIBPATH=\"${LIBPATH}\" BOOT_CFLAGS=\"${BOOT_CFLAGS}\" ${GCC_MAKE_TARGET}"
+
+	emake \
+		LDFLAGS="${LDFLAGS}" \
+		STAGE1_CFLAGS="${STAGE1_CFLAGS}" \
+		LIBPATH="${LIBPATH}" \
+		BOOT_CFLAGS="${BOOT_CFLAGS}" \
+		${GCC_MAKE_TARGET} \
+		|| die "emake failed with ${GCC_MAKE_TARGET}"
+
+	if ! use build && ! is_crosscompile && ! use nocxx && use doc ; then
+		if type -p doxygen > /dev/null ; then
+			cd "${CTARGET}"/libstdc++-v3
+			make doxygen-man || ewarn "failed to make docs"
+		else
+			ewarn "Skipping libstdc++ manpage generation since you don't have doxygen installed"
+		fi
+	fi
+
+	popd
+}
+
+# This function will add ${GCC_CONFIG_VER} to the names of all shared libraries in the
+# directory specified to avoid filename collisions between multiple slotted
+# non-versioned gcc targets. If no directory is specified, it is assumed that
+# you want -all- shared objects to have ${GCC_CONFIG_VER} added. Example
+#
+#	add_version_to_shared ${D}/usr/$(get_libdir)
+#
+# Travis Tilley <lv@gentoo.org> (05 Sep 2004)
+#
+add_version_to_shared() {
+	local sharedlib sharedlibdir
+	[[ -z $1 ]] \
+		&& sharedlibdir=${D} \
+		|| sharedlibdir=$1
+
+	for sharedlib in $(find ${sharedlibdir} -name *.so.*) ; do
+		if [[ ! -L ${sharedlib} ]] ; then
+			einfo "Renaming `basename "${sharedlib}"` to `basename "${sharedlib/.so*/}-${GCC_CONFIG_VER}.so.${sharedlib/*.so./}"`"
+			mv "${sharedlib}" "${sharedlib/.so*/}-${GCC_CONFIG_VER}.so.${sharedlib/*.so./}" \
+				|| die
+			pushd `dirname "${sharedlib}"` > /dev/null || die
+			ln -sf "`basename "${sharedlib/.so*/}-${GCC_CONFIG_VER}.so.${sharedlib/*.so./}"`" \
+				"`basename "${sharedlib}"`" || die
+			popd > /dev/null || die
+		fi
+	done
+}
+
+# This is mostly a stub function to be overwritten in an ebuild
+gcc_do_filter_flags() {
+	strip-flags
+
+	# In general gcc does not like optimization, and add -O2 where
+	# it is safe.  This is especially true for gcc 3.3 + 3.4
+	replace-flags -O? -O2
+
+	# ... sure, why not?
+	strip-unsupported-flags
+
+	# dont want to funk ourselves
+	filter-flags '-mabi*' -m31 -m32 -m64
+
+	case ${GCC_BRANCH_VER} in
+	3.2|3.3)
+		case $(tc-arch) in
+			x86)   filter-flags '-mtune=*';;
+			amd64) filter-flags '-mtune=*'
+			   	replace-cpu-flags k8 athlon64 opteron i686;;
+		esac
+		;;
+	3.4|4.*)
+		case $(tc-arch) in
+			x86|amd64) filter-flags '-mcpu=*';;
+		esac
+		;;
+	esac
+
+	# Compile problems with these (bug #6641 among others)...
+	#filter-flags "-fno-exceptions -fomit-frame-pointer -fforce-addr"
+
+	# CFLAGS logic (verified with 3.4.3):
+	# CFLAGS:
+	#   This conflicts when creating a crosscompiler, so set to a sane
+	#     default in this case:
+	#   used in ./configure and elsewhere for the native compiler
+	#   used by gcc when creating libiberty.a
+	#   used by xgcc when creating libstdc++ (and probably others)!
+	#     this behavior should be removed...
+	#
+	# CXXFLAGS:
+	#   used by xgcc when creating libstdc++
+	#
+	# STAGE1_CFLAGS (not used in creating a crosscompile gcc):
+	#   used by ${CHOST}-gcc for building stage1 compiler
+	#
+	# BOOT_CFLAGS (not used in creating a crosscompile gcc):
+	#   used by xgcc for building stage2/3 compiler
+
+	if is_crosscompile ; then
+		# Set this to something sane for both native and target
+		CFLAGS="-O2 -pipe"
+
+		local VAR="CFLAGS_"${CTARGET//-/_}
+		CXXFLAGS=${!VAR}
+	fi
+
+	export GCJFLAGS=${GCJFLAGS:-${CFLAGS}}
+}
+
+gcc_src_compile() {
+	gcc_do_filter_flags
+	einfo "CFLAGS=\"${CFLAGS}\""
+	einfo "CXXFLAGS=\"${CXXFLAGS}\""
+
+	# Build gcc itself always with no-pie specs, otherwise you get
+	# a mess with PIE-built support objects (crtbegin.o etc).
+	# For the build of stage1 (which uses the already-installed compiler)
+	# this will only have an effect if the built-in specs have the
+	# call-outs; however we set -fno-PIE for stage1 to cover this case.
+	if want_minispecs ; then
+		if use hardened ; then
+			# Use no-PIE specs for building gcc
+#		if hardened_gcc_works ; then
+#			concat_minispecs hardened.specs "${WORKDIR}" build.specs
+#		elif hardened_gcc_works pie ; then
+#			concat_minispecs hardenednossp.specs "${WORKDIR}" build.specs
+			if hardened_gcc_works ssp ; then
+				concat_minispecs hardenednopie.specs "${WORKDIR}" build.specs
+			else
+				concat_minispecs hardenednopiessp.specs "${WORKDIR}" build.specs
+			fi
+		else
+			concat_minispecs vanilla.specs "${WORKDIR}" build.specs
+		fi
+		export GCC_SPECS="${WORKDIR}"/build.specs
+	fi
+
+	# Build in a separate build tree
+	mkdir -p "${WORKDIR}"/build
+	pushd "${WORKDIR}"/build > /dev/null
+
+	# Install our pre generated manpages if we do not have perl ...
+	[[ ! -x /usr/bin/perl ]] && [[ -n ${MAN_VER} ]] && \
+		unpack gcc-${MAN_VER}-manpages.tar.bz2
+
+	einfo "Configuring ${PN} ..."
+	gcc_do_configure
+
+	touch "${S}"/gcc/c-gperf.h
+
+	# Do not make manpages if we do not have perl ...
+	[[ ! -x /usr/bin/perl ]] \
+		&& find "${WORKDIR}"/build -name '*.[17]' | xargs touch
+
+	einfo "Compiling ${PN} ..."
+	gcc_do_make ${GCC_MAKE_TARGET}
+
+	# Do not create multiple specs files for PIE+SSP if boundschecking is in
+	# USE, as we disable PIE+SSP when it is (comment is obsolete).
+	if [[ ${ETYPE} == "gcc-compiler" ]] && want_split_specs ; then
+		split_out_specs_files || die "failed to split out specs"
+	fi
+
+	popd > /dev/null
+}
+
+gcc_src_test() {
+	cd "${WORKDIR}"/build
+	make check || ewarn "check failed and that sucks :("
+}
+
+gcc-library_src_install() {
+	einfo "Installing ${PN} ..."
+	# Do the 'make install' from the build directory
+	cd "${WORKDIR}"/build
+	S=${WORKDIR}/build \
+	make DESTDIR="${D}" \
+		prefix=${PREFIX} \
+		bindir=${BINPATH} \
+		includedir=${LIBPATH}/include \
+		datadir=${DATAPATH} \
+		mandir=${DATAPATH}/man \
+		infodir=${DATAPATH}/info \
+		LIBPATH="${LIBPATH}" \
+		${GCC_INSTALL_TARGET} || die
+
+	if [[ ${GCC_LIB_COMPAT_ONLY} == "true" ]] ; then
+		rm -rf "${D}"${INCLUDEPATH}
+		rm -rf "${D}"${DATAPATH}
+		pushd "${D}"${LIBPATH}/
+		rm *.a *.la *.so
+		popd
+	fi
+
+	if [[ -n ${GCC_LIB_USE_SUBDIR} ]] ; then
+		mkdir -p "${WORKDIR}"/${GCC_LIB_USE_SUBDIR}/
+		mv "${D}"${LIBPATH}/* "${WORKDIR}"/${GCC_LIB_USE_SUBDIR}/
+		mv "${WORKDIR}"/${GCC_LIB_USE_SUBDIR}/ "${D}"${LIBPATH}
+
+		dodir /etc/env.d
+		echo "LDPATH=\"${LIBPATH}/${GCC_LIB_USE_SUBDIR}/\"" >> "${D}"/etc/env.d/99${PN}
+	fi
+
+	if [[ ${GCC_VAR_TYPE} == "non-versioned" ]] ; then
+		# if we're not using versioned directories, we need to use versioned
+		# filenames.
+		add_version_to_shared
+	fi
+}
+
+gcc-compiler_src_install() {
+	local x=
+
+	# Do allow symlinks in ${PREFIX}/lib/gcc-lib/${CHOST}/${GCC_CONFIG_VER}/include as
+	# this can break the build.
+	for x in "${WORKDIR}"/build/gcc/include/* ; do
+		[[ -L ${x} ]] && rm -f "${x}"
+	done
+	# Remove generated headers, as they can cause things to break
+	# (ncurses, openssl, etc).
+	for x in $(find "${WORKDIR}"/build/gcc/include/ -name '*.h') ; do
+		grep -q 'It has been auto-edited by fixincludes from' "${x}" \
+			&& rm -f "${x}"
+	done
+	einfo "Installing GCC..."
+	# Do the 'make install' from the build directory
+	cd "${WORKDIR}"/build
+	S=${WORKDIR}/build \
+	make DESTDIR="${D}" install || die
+	# Punt some tools which are really only useful while building gcc
+	rm -r "${D}${LIBEXECPATH}"/install-tools
+	# This one comes with binutils
+	find "${D}" -name libiberty.a -exec rm -f {} \;
+	# Move libgcj.pc to libgcj-${PV}
+	mv ${D}/usr/lib/pkgconfig/libgcj.pc ${D}/usr/lib/pkgconfig/libgcj-${PV}.pc
+
+	# Move the libraries to the proper location
+	gcc_movelibs
+
+	# Basic sanity check
+	if ! is_crosscompile ; then
+		local EXEEXT
+		eval $(grep ^EXEEXT= "${WORKDIR}"/build/gcc/config.log)
+		[[ -r ${D}${BINPATH}/gcc${EXEEXT} ]] || die "gcc not found in ${D}"
+	fi
+
+	dodir /etc/env.d/gcc
+	create_gcc_env_entry
+
+	if want_split_specs ; then
+		if use hardened ; then
+			create_gcc_env_entry vanilla
+		elif hardened_gcc_works ; then
+			create_gcc_env_entry hardened
+		fi
+
+		hardened_gcc_works pie &&
+			create_gcc_env_entry hardenednossp
+
+		hardened_gcc_works ssp &&
+			create_gcc_env_entry hardenednopie
+
+		create_gcc_env_entry hardenednopiessp
+
+		insinto ${LIBPATH}
+		doins "${WORKDIR}"/build/*.specs || die "failed to install specs"
+	fi
+
+	# Make sure we dont have stuff lying around that
+	# can nuke multiple versions of gcc
+	if ! use build ; then
+		cd ${D}${LIBPATH}
+
+		# Move Java headers to compiler-specific dir
+		for x in ${D}${PREFIX}/include/gc*.h ${D}${PREFIX}/include/j*.h ; do
+			[[ -f ${x} ]] && mv -f "${x}" ${D}${LIBPATH}/include/
+		done
+		for x in gcj gnu java javax org ; do
+			if [[ -d ${D}${PREFIX}/include/${x} ]] ; then
+				dodir /${LIBPATH}/include/${x}
+				mv -f ${D}${PREFIX}/include/${x}/* ${D}${LIBPATH}/include/${x}/
+				rm -rf ${D}${PREFIX}/include/${x}
+			fi
+		done
+
+		if [[ -d ${D}${PREFIX}/lib/security ]] ; then
+			dodir /${LIBPATH}/security
+			mv -f ${D}${PREFIX}/lib/security/* ${D}${LIBPATH}/security
+			rm -rf ${D}${PREFIX}/lib/security
+		fi
+
+		# Move libgcj.spec to compiler-specific directories
+		[[ -f ${D}${PREFIX}/lib/libgcj.spec ]] && \
+			mv -f ${D}${PREFIX}/lib/libgcj.spec ${D}${LIBPATH}/libgcj.spec
+
+		# Rename jar because it could clash with Kaffe's jar if this gcc is
+		# primary compiler (aka don't have the -<version> extension)
+		cd ${D}${BINPATH}
+		[[ -f jar ]] && mv -f jar gcj-jar
+
+		# Move <cxxabi.h> to compiler-specific directories
+		[[ -f ${D}${STDCXX_INCDIR}/cxxabi.h ]] && \
+			mv -f ${D}${STDCXX_INCDIR}/cxxabi.h ${D}${LIBPATH}/include/
+
+		# These should be symlinks
+		dodir /usr/bin
+		cd "${D}"${BINPATH}
+		for x in cpp gcc g++ c++ g77 gcj gcjh gfortran ; do
+			# For some reason, g77 gets made instead of ${CTARGET}-g77...
+			# this should take care of that
+			[[ -f ${x} ]] && mv ${x} ${CTARGET}-${x}
+
+			if [[ -f ${CTARGET}-${x} ]] && ! is_crosscompile ; then
+				ln -sf ${CTARGET}-${x} ${x}
+
+				# Create version-ed symlinks
+				dosym ${BINPATH}/${CTARGET}-${x} \
+					/usr/bin/${CTARGET}-${x}-${GCC_CONFIG_VER}
+				dosym ${BINPATH}/${CTARGET}-${x} \
+					/usr/bin/${x}-${GCC_CONFIG_VER}
+			fi
+
+			if [[ -f ${CTARGET}-${x}-${GCC_CONFIG_VER} ]] ; then
+				rm -f ${CTARGET}-${x}-${GCC_CONFIG_VER}
+				ln -sf ${CTARGET}-${x} ${CTARGET}-${x}-${GCC_CONFIG_VER}
+			fi
+		done
+
+		# I do not know if this will break gcj stuff, so I'll only do it for
+		#   objc for now; basically "ffi.h" is the correct file to include,
+		#   but it gets installed in .../GCCVER/include and yet it does
+		#   "#include <ffitarget.h>" which (correctly, as it's an "extra" file)
+		#   is installed in .../GCCVER/include/libffi; the following fixes
+		#   ffi.'s include of ffitarget.h - Armando Di Cianno <fafhrd@gentoo.org>
+		if is_objc && ! is_gcj ; then
+			#dosed "s:<ffitarget.h>:<libffi/ffitarget.h>:g" /${LIBPATH}/include/ffi.h
+			mv "${D}"${LIBPATH}/include/libffi/* "${D}"${LIBPATH}/include
+			rm -Rf "${D}"${LIBPATH}/include/libffi
+		fi
+	fi
+
+	# Now do the fun stripping stuff
+	env RESTRICT="" CHOST=${CHOST} prepstrip "${D}${BINPATH}" "${D}${LIBEXECPATH}"
+	env RESTRICT="" CHOST=${CTARGET} prepstrip "${D}${LIBPATH}"
+
+	cd "${S}"
+	if use build || is_crosscompile; then
+		rm -rf "${D}"/usr/share/{man,info}
+		rm -rf "${D}"${DATAPATH}/{man,info}
+	else
+		local cxx_mandir=${WORKDIR}/build/${CTARGET}/libstdc++-v3/docs/doxygen/man
+		if [[ -d ${cxx_mandir} ]] ; then
+			# clean bogus manpages #113902
+			find "${cxx_mandir}" -name '*_build_*' -exec rm {} \;
+			cp -r "${cxx_mandir}"/man? "${D}/${DATAPATH}"/man/
+		fi
+		has noinfo ${FEATURES} \
+			&& rm -r "${D}/${DATAPATH}"/info \
+			|| prepinfo "${DATAPATH}"
+		has noman ${FEATURES} \
+			&& rm -r "${D}/${DATAPATH}"/man \
+			|| prepman "${DATAPATH}"
+	fi
+	# prune empty dirs left behind
+	find "${D}" -type d | xargs rmdir >& /dev/null
+
+	# Rather install the script, else portage with changing $FILESDIR
+	# between binary and source package borks things ....
+	if ! is_crosscompile ; then
+		insinto "${DATAPATH}"
+		if tc_version_is_at_least 4.0 ; then
+			newins "${GCC_FILESDIR}"/awk/fixlafiles.awk-no_gcc_la fixlafiles.awk || die
+			find "${D}/${LIBPATH}" -name libstdc++.la -type f -exec rm "{}" \;
+		else
+			doins "${GCC_FILESDIR}"/awk/fixlafiles.awk || die
+		fi
+		exeinto "${DATAPATH}"
+		doexe "${GCC_FILESDIR}"/fix_libtool_files.sh || die
+		doexe "${GCC_FILESDIR}"/c{89,99} || die
+	fi
+
+	# use gid of 0 because some stupid ports don't have
+	# the group 'root' set to gid 0
+	chown -R root:0 "${D}"${LIBPATH}
+
+	# Create config files for eselect-compiler
+	create_eselect_conf
+
+	# Build system specs file which, if it exists, must be a complete set of
+	# specs as it completely and unconditionally overrides the builtin specs.
+	if use hardened && want_minispecs ; then
+		$(XGCC) -dumpspecs > "${WORKDIR}"/build/specs
+		if hardened_gcc_works ; then
+			concat_minispecs hardened.specs "${WORKDIR}"/build specs
+		elif hardened_gcc_works pie ; then
+			concat_minispecs hardenednossp.specs "${WORKDIR}"/build specs
+		elif hardened_gcc_works ssp ; then
+			concat_minispecs hardenednopie.specs "${WORKDIR}"/build specs
+		else
+			concat_minispecs hardenednopiessp.specs "${WORKDIR}"/build specs
+		fi
+		insinto ${LIBPATH}
+		doins "${WORKDIR}"/build/specs || die "Failed to install hardened system specs"
+	fi
+}
+
+# Move around the libs to the right location.  For some reason,
+# when installing gcc, it dumps internal libraries into /usr/lib
+# instead of the private gcc lib path
+gcc_movelibs() {
+	local multiarg removedirs=""
+	for multiarg in $($(XGCC) -print-multi-lib) ; do
+		multiarg=${multiarg#*;}
+		multiarg=${multiarg//@/ -}
+
+		local OS_MULTIDIR=$($(XGCC) ${multiarg} --print-multi-os-directory)
+		local MULTIDIR=$($(XGCC) ${multiarg} --print-multi-directory)
+		local TODIR=${D}${LIBPATH}/${MULTIDIR}
+		local FROMDIR=
+
+		[[ -d ${TODIR} ]] || mkdir -p ${TODIR}
+
+		for FROMDIR in \
+			${LIBPATH}/${OS_MULTIDIR} \
+			${LIBPATH}/../${MULTIDIR} \
+			${PREFIX}/lib/${OS_MULTIDIR} \
+			${PREFIX}/${CTARGET}/lib/${OS_MULTIDIR} \
+			${PREFIX}/lib/${MULTIDIR}
+		do
+			removedirs="${removedirs} ${FROMDIR}"
+			FROMDIR=${D}${FROMDIR}
+			if [[ ${FROMDIR} != "${TODIR}" && -d ${FROMDIR} ]] ; then
+				local files=$(find "${FROMDIR}" -maxdepth 1 ! -type d 2>/dev/null)
+				if [[ -n ${files} ]] ; then
+					mv ${files} "${TODIR}"
+				fi
+			fi
+		done
+	done
+
+	# We remove directories separately to avoid this case:
+	#   mv SRC/lib/../lib/*.o DEST
+	#   rmdir SRC/lib/../lib/
+	#   mv SRC/lib/../lib32/*.o DEST  # Bork
+	for FROMDIR in ${removedirs} ; do
+		rmdir "${D}"${FROMDIR} >& /dev/null
+	done
+	find "${D}" -type d | xargs rmdir >& /dev/null
+
+	# make sure the libtool archives have libdir set to where they actually
+	# -are-, and not where they -used- to be.
+	fix_libtool_libdir_paths "$(find ${D}${LIBPATH} -name *.la)"
+}
+
+#----<< src_* >>----
+
+#---->> unorganized crap in need of refactoring follows
+
+# gcc_quick_unpack will unpack the gcc tarball and patches in a way that is
+# consistant with the behavior of get_gcc_src_uri. The only patch it applies
+# itself is the branch update if present.
+#
+# Travis Tilley <lv@gentoo.org> (03 Sep 2004)
+#
+gcc_quick_unpack() {
+	pushd "${WORKDIR}" > /dev/null
+	export PATCH_GCC_VER=${PATCH_GCC_VER:-${GCC_RELEASE_VER}}
+	export UCLIBC_GCC_VER=${UCLIBC_GCC_VER:-${PATCH_GCC_VER}}
+	export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}}
+	export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}}
+	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
+
+	if [[ -n ${GCC_A_FAKEIT} ]] ; then
+		unpack ${GCC_A_FAKEIT}
+	elif [[ -n ${PRERELEASE} ]] ; then
+		unpack gcc-${PRERELEASE}.tar.bz2
+	elif [[ -n ${SNAPSHOT} ]] ; then
+		unpack gcc-${SNAPSHOT}.tar.bz2
+	else
+		unpack gcc-${GCC_RELEASE_VER}.tar.bz2
+		# We want branch updates to be against a release tarball
+		if [[ -n ${BRANCH_UPDATE} ]] ; then
+			pushd ${S:-"$(gcc_get_s_dir)"} > /dev/null
+			epatch ${DISTDIR}/gcc-${GCC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+			popd > /dev/null
+		fi
+	fi
+
+	[[ -n ${PATCH_VER} ]] && \
+		unpack gcc-${PATCH_GCC_VER}-patches-${PATCH_VER}.tar.bz2
+
+	[[ -n ${UCLIBC_VER} ]] && \
+		unpack gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2
+
+	if want_ssp && ! gcc_has_native_ssp ; then
+		if [[ -n ${PP_FVER} ]] ; then
+			# The gcc 3.4 propolice versions are meant to be unpacked to ${S}
+			pushd ${S:-$(gcc_get_s_dir)} > /dev/null
+			unpack protector-${PP_FVER}.tar.gz
+			popd > /dev/null
+		else
+			unpack gcc-${PP_GCC_VER}-ssp-${PP_VER}.tar.bz2
+		fi
+	fi
+
+	if want_pie ; then
+		if [[ -n ${PIE_CORE} ]] ; then
+			unpack ${PIE_CORE}
+		else
+			unpack gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2
+		fi
+	fi
+
+	# pappy@gentoo.org - Fri Oct  1 23:24:39 CEST 2004
+	want_boundschecking && \
+		unpack "bounds-checking-gcc-${HTB_GCC_VER}-${HTB_VER}.patch.bz2"
+
+	popd > /dev/null
+}
+
+# Exclude any unwanted patches, as specified by the following variables:
+#
+#	GENTOO_PATCH_EXCLUDE
+#			List of filenames, relative to ${WORKDIR}/patch/
+#
+#	PIEPATCH_EXCLUDE
+#			List of filenames, relative to ${WORKDIR}/piepatch/
+#
+# Travis Tilley <lv@gentoo.org> (03 Sep 2004)
+#
+exclude_gcc_patches() {
+	local i
+	for i in ${GENTOO_PATCH_EXCLUDE} ; do
+		if [[ -f ${WORKDIR}/patch/${i} ]] ; then
+			einfo "Excluding patch ${i}"
+			rm -f "${WORKDIR}"/patch/${i} || die "failed to delete ${i}"
+		fi
+	done
+	for i in ${PIEPATCH_EXCLUDE} ; do
+		if [[ -f ${WORKDIR}/piepatch/${i} ]] ; then
+			einfo "Excluding piepatch ${i}"
+			rm -f "${WORKDIR}"/piepatch/${i} || die "failed to delete ${i}"
+		fi
+	done
+}
+
+# Try to apply some stub patches so that gcc won't error out when
+# passed parameters like -fstack-protector but no ssp is found
+do_gcc_stub() {
+	local v stub_patch=""
+	for v in ${GCC_RELEASE_VER} ${GCC_BRANCH_VER} ; do
+		stub_patch=${GCC_FILESDIR}/stubs/gcc-${v}-$1-stub.patch
+		if [[ -e ${stub_patch} ]] && ! use vanilla ; then
+			EPATCH_SINGLE_MSG="Applying stub patch for $1 ..." \
+			epatch "${stub_patch}"
+			return 0
+		fi
+	done
+}
+
+do_gcc_HTB_patches() {
+	if ! want_boundschecking || \
+	   (want_ssp && [[ ${HTB_EXCLUSIVE} == "true" ]])
+	then
+		do_gcc_stub htb
+		return 0
+	fi
+
+	# modify the bounds checking patch with a regression patch
+	epatch "${WORKDIR}/bounds-checking-gcc-${HTB_GCC_VER}-${HTB_VER}.patch"
+	release_version="${release_version}, HTB-${HTB_GCC_VER}-${HTB_VER}"
+}
+
+# patch in ProPolice Stack Smashing protection
+do_gcc_SSP_patches() {
+	if ! gcc_has_native_ssp ; then
+		# PARISC has no love ... it's our stack :(
+		if [[ $(tc-arch) == "hppa" ]] || \
+			! want_ssp || \
+			(want_boundschecking && [[ ${HTB_EXCLUSIVE} == "true" ]])
+		then
+			do_gcc_stub ssp
+			return 0
+		fi
+
+		local ssppatch
+		local sspdocs
+
+		if [[ -n ${PP_FVER} ]] ; then
+			# Etoh keeps changing where files are and what the patch is named
+			if tc_version_is_at_least 3.4.1 ; then
+				# >3.4.1 uses version in patch name, and also includes docs
+				ssppatch="${S}/gcc_${PP_VER}.dif"
+				sspdocs="yes"
+			elif tc_version_is_at_least 3.4.0 ; then
+				# >3.4 put files where they belong and 3_4 uses old patch name
+				ssppatch="${S}/protector.dif"
+				sspdocs="no"
+			elif tc_version_is_at_least 3.2.3 ; then
+				# earlier versions have no directory structure or docs
+				mv "${S}"/protector.{c,h} "${S}"/gcc
+				ssppatch="${S}/protector.dif"
+				sspdocs="no"
+			fi
+		else
+			# Just start packaging the damn thing ourselves
+			mv "${WORKDIR}"/ssp/protector.{c,h} "${S}"/gcc/
+			ssppatch=${WORKDIR}/ssp/gcc-${PP_GCC_VER}-ssp.patch
+			# allow boundschecking and ssp to get along
+			(want_boundschecking && [[ -e ${WORKDIR}/ssp/htb-ssp.patch ]]) \
+				&& patch -s "${ssppatch}" "${WORKDIR}"/ssp/htb-ssp.patch
+		fi
+
+		[[ -z ${ssppatch} ]] && die "Sorry, SSP is not supported in this version"
+		epatch ${ssppatch}
+
+		if [[ ${PN} == "gcc" && ${sspdocs} == "no" ]] ; then
+			epatch "${GCC_FILESDIR}"/pro-police-docs.patch
+		fi
+	fi
+
+	# Don't build crtbegin/end with ssp
+	sed -e 's|^CRTSTUFF_CFLAGS = |CRTSTUFF_CFLAGS = -fno-stack-protector |' \
+		-i gcc/Makefile.in || die "Failed to update crtstuff!"
+
+	# if gcc in a stage3 defaults to ssp, is version 3.4.0 and a stage1 is built
+	# the build fails building timevar.o (3.4.x) or ggc-common.o (4.x) w/:
+	# cc1: stack smashing attack in function ix86_split_to_parts()
+	# it fails also on normal update from 3.4.4 to 4.x
+	# this should be moved out of do_GCC_ssp_patches(), because it fails if gcc
+	# is hardened, but we build w/ nossp as well
+	if tc_version_is_at_least 3.4.0 ; then
+		if tc_version_is_at_least 4.0.0 ; then
+			if [[ ${GCCMINOR} -lt 2 ]] ; then
+				epatch "${GCC_FILESDIR}"/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch
+			else
+				epatch "${GCC_FILESDIR}"/4.2.0/gcc-4.2.0-cc1-no-stack-protector.patch
+			fi
+		else
+			epatch "${GCC_FILESDIR}"/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch
+		fi
+	fi
+
+	if gcc_has_native_ssp ; then
+		if [[ ${GCCMAJOR}.${GCCMINOR} == 4.0 ]] ; then
+			# Indicate that ssp support is a backport
+			release_version="${release_version}, ssp-4.1-backport"
+		fi
+	else
+		release_version="${release_version}, ssp-${PP_FVER:-${PP_GCC_VER}-${PP_VER}}"
+	fi
+
+	if ! gcc_has_native_ssp ; then
+		if want_libssp ; then
+			update_gcc_for_libssp
+		else
+			update_gcc_for_libc_ssp
+		fi
+	fi
+
+	# Don't build libgcc with ssp
+	sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -fno-stack-protector |' \
+		-i gcc/Makefile.in || die "Failed to update libgcc2!"
+}
+
+# If glibc or uclibc has been patched to provide the necessary symbols itself,
+# then lets use those for SSP instead of libgcc.
+# Legacy support for ancient gcc-3.x ssp patches.
+update_gcc_for_libc_ssp() {
+	if libc_has_ssp ; then
+		einfo "Updating gcc to use SSP from libc ..."
+		sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -D_LIBC_PROVIDES_SSP_ |' \
+			-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
+	fi
+}
+
+# a split out non-libc non-libgcc ssp requires additional spec logic changes
+# Legacy support for ancient gcc-3.x ssp patches.
+update_gcc_for_libssp() {
+	einfo "Updating gcc to use SSP from libssp..."
+	sed -e 's|^\(INTERNAL_CFLAGS.*\)$|\1 -D_LIBSSP_PROVIDES_SSP_|' \
+		-i "${S}"/gcc/Makefile.in || die "Failed to update gcc!"
+}
+
+fixup_crtstuff_for_nopie() {
+	# First try modifying an existing assignmet; if that fails, insert
+	# a new one.
+	if [[ -f "${S}"/$1 ]]; then
+		if grep -q '^CRTSTUFF_T_CFLAGS =' "${S}"/$1; then
+			sed -e 's/^CRTSTUFF_T_CFLAGS =/CRTSTUFF_T_CFLAGS = -fno-PIE /' \
+				-i "${S}"/$1 ||
+			die "Failed to modify $1 for no-PIE crtstuff"
+		else
+			sed -e '1 iCRTSTUFF_T_CFLAGS = -fno-PIE' \
+				-i "${S}"/$1 ||
+			die "Failed to add to $1 for no-PIE crtstuff"
+		fi
+	fi
+}
+
+# do various updates to PIE logic
+do_gcc_PIE_patches() {
+	local arch
+
+	if ! want_pie || \
+		(want_boundschecking && [[ ${HTB_EXCLUSIVE} == "true" ]])
+	then
+		return 0
+	fi
+
+#	# New multilib approach - drop pie from specs
+#	# x86 and x86_64 only for the moment
+#	sed -e "s:^MULTILIB_OPTIONS = m64/m32$:MULTILIB_OPTIONS = m64/m32 fpie|fPIE:" \
+#		-e 's:^MULTILIB_DIRNAMES = 64 32$:MULTILIB_DIRNAMES = 64 32 pie:' \
+#		-e 's:^MULTILIB_OSDIRNAMES = ../lib64 ../lib$:MULTILIB_OSDIRNAMES = ../lib64 ../lib pie' \
+#		-i "${S}"/gcc/config/i386/t-linux64 ||
+#		die "Failed to fixup x86_64 configuration for hardened multilib"
+#
+#	printf "MULTILIB_OPTIONS = fpie|fPIE\n" >> "${S}"/gcc/config/t-linux
+#	printf "MULTILIB_DIRNAMES = pie\n" >> "${S}"/gcc/config/t-linux
+#	printf "MULTILIB_MATCHES = fpie=fPIE\n" >> "${S}"/gcc/config/t-linux
+#	printf "MULTILIB_OSDIRNAMS = pie\n" >> "${S}"/gcc/config/t-linux
+#
+#	return 0
+
+	want_boundschecking \
+		&& rm -f "${WORKDIR}"/piepatch/*/*-boundschecking-no.patch* \
+		|| rm -f "${WORKDIR}"/piepatch/*/*-boundschecking-yes.patch*
+
+	(use vanilla || [[ -z ${UCLIBC_VER} ]]) && rm -f "${WORKDIR}"/piepatch/*/*uclibc*
+
+	guess_patch_type_in_dir "${WORKDIR}"/piepatch/upstream
+
+	# corrects startfile/endfile selection and shared/static/pie flag usage
+	EPATCH_MULTI_MSG="Applying upstream pie patches ..." \
+	epatch "${WORKDIR}"/piepatch/upstream
+	# adds non-default pie support (rs6000)
+	EPATCH_MULTI_MSG="Applying non-default pie patches ..." \
+	epatch "${WORKDIR}"/piepatch/nondef
+
+#	# Force crt{begin,end}.o to be built normally; for all linux
+#	# If Gentoo/FreeBSD ever want hardened, need to do the same to t-freebsd
+#	# If an arch has t-crtstuff, it'll take precedence over t-linux*.  If the
+#	# arch doesn't have t-crtstuff, try t-linux/t-linux64; then try the
+#	# generic t-linux.
+#	einfo "Fixing up make configuration to build crtstuff properly with pie compiler"
+#	for arch in $(ls -1 "${S}"/gcc/config); do
+#		[[ -d "${S}"/gcc/config/${arch} ]] || continue
+#		fixup_crtstuff_for_nopie gcc/config/${arch}/t-crtstuff
+#		fixup_crtstuff_for_nopie gcc/config/${arch}/t-linux
+#		fixup_crtstuff_for_nopie gcc/config/${arch}/t-linux64
+#	done
+#	fixup_crtstuff_for_nopie gcc/config/t-linux
+#	# powerpc (32) is an exception - it sets CRTSTUFF_T_CFLAGS in t-ppccomm
+#	fixup_crtstuff_for_nopie gcc/config/rs6000/t-ppccomm
+#	# Lastly, rig it in Makefile.in (the last fall-back)
+#	fixup_crtstuff_for_nopie gcc/Makefile.in
+#
+#	# Now fix libgcc.a and friends - add '-fno-PIE' to CFLAGS for the .a's
+#	ed "${S}"/gcc/Makefile.in > /dev/null 2>&1 <<EOF || die "Failed to fixup gcc/Makefile.in for libgcc.a and friends"
+#/libgcc.a:
+#/CFLAGS=
+#s/"/"-fno-PIE /
+#w
+#q
+#EOF
+
+	# adds default pie support (rs6000 too) if DEFAULT_PIE[_SSP] is defined
+	want_minispecs ||
+		EPATCH_MULTI_MSG="Applying default pie patches ..." \
+		epatch "${WORKDIR}"/piepatch/def
+
+	# we want to be able to control the pie patch logic via something other
+	# than ALL_CFLAGS...
+	want_minispecs ||
+		sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \
+			-e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \
+			-i "${S}"/gcc/Makefile.in
+
+	release_version="${release_version}, pie-${PIE_VER}"
+}
+
+should_we_gcc_config() {
+	# we only want to switch compilers if installing to / or /tmp/stage1root
+	[[ ${ROOT} == "/" || ${ROOT} == "/tmp/stage1root" ]] || return 1
+
+	# we always want to run gcc-config if we're bootstrapping, otherwise
+	# we might get stuck with the c-only stage1 compiler
+	use bootstrap && return 0
+	use build && return 0
+
+	# if the current config is invalid, we definitely want a new one
+	# Note: due to bash quirkiness, the following must not be 1 line
+	local curr_config
+	curr_config=$(env -i gcc-config -c ${CTARGET} 2>&1) || return 0
+
+	# if the previously selected config has the same major.minor (branch) as
+	# the version we are installing, then it will probably be uninstalled
+	# for being in the same SLOT, make sure we run gcc-config.
+	local curr_config_ver=$(env -i gcc-config -S ${curr_config} | awk '{print $2}')
+
+	local curr_branch_ver=$(get_version_component_range 1-2 ${curr_config_ver})
+
+	# If we're using multislot, just run gcc-config if we're installing
+	# to the same profile as the current one.
+	use multislot && return $([[ ${curr_config_ver} == ${GCC_CONFIG_VER} ]])
+
+	if [[ ${curr_branch_ver} == ${GCC_BRANCH_VER} ]] ; then
+		return 0
+	else
+		# if we're installing a genuinely different compiler version,
+		# we should probably tell the user -how- to switch to the new
+		# gcc version, since we're not going to do it for him/her.
+		# We don't want to switch from say gcc-3.3 to gcc-3.4 right in
+		# the middle of an emerge operation (like an 'emerge -e world'
+		# which could install multiple gcc versions).
+		einfo "The current gcc config appears valid, so it will not be"
+		einfo "automatically switched for you.  If you would like to"
+		einfo "switch to the newly installed gcc version, do the"
+		einfo "following:"
+		echo
+		einfo "gcc-config ${CTARGET}-${GCC_CONFIG_VER}"
+		einfo "source /etc/profile"
+		echo
+		ebeep
+		return 1
+	fi
+}
+
+do_gcc_config() {
+	if ! should_we_gcc_config ; then
+		env -i gcc-config --use-old --force
+		return 0
+	fi
+
+	local current_gcc_config="" current_specs="" use_specs=""
+
+	# We grep out any possible errors
+	current_gcc_config=$(env -i gcc-config -c ${CTARGET} | grep -v '^ ')
+	if [[ -n ${current_gcc_config} ]] ; then
+		# figure out which specs-specific config is active
+		current_specs=$(gcc-config -S ${current_gcc_config} | awk '{print $3}')
+		[[ -n ${current_specs} ]] && use_specs=-${current_specs}
+	fi
+	if [[ -n ${use_specs} ]] && \
+	   [[ ! -e ${ROOT}/etc/env.d/gcc/${CTARGET}-${GCC_CONFIG_VER}${use_specs} ]]
+	then
+		ewarn "The currently selected specs-specific gcc config,"
+		ewarn "${current_specs}, doesn't exist anymore. This is usually"
+		ewarn "due to enabling/disabling hardened or switching to a version"
+		ewarn "of gcc that doesnt create multiple specs files. The default"
+		ewarn "config will be used, and the previous preference forgotten."
+		ebeep
+		epause
+		use_specs=""
+	fi
+
+	gcc-config ${CTARGET}-${GCC_CONFIG_VER}${use_specs}
+}
+
+should_we_eselect_compiler() {
+	# we only want to switch compilers if installing to / or /tmp/stage1root
+	[[ ${ROOT} == "/" || ${ROOT} == "/tmp/stage1root" ]] || return 1
+
+	# we always want to run gcc-config if we're bootstrapping, otherwise
+	# we might get stuck with the c-only stage1 compiler
+	use bootstrap && return 0
+	use build && return 0
+
+	# if the current config is invalid, we definitely want a new one
+	# Note: due to bash quirkiness, the following must not be 1 line
+	local curr_config
+	curr_config=$(env -i eselect compiler show ${CTARGET} 2>&1) || return 0
+	[[ -z ${curr_config} || ${curr_config} == "(none)" ]] && return 0
+
+	# if the previously selected config has the same major.minor (branch) as
+	# the version we are installing, then it will probably be uninstalled
+	# for being in the same SLOT, make sure we run gcc-config.
+	local curr_config_ver=$(echo ${curr_config} | cut -f1 -d/ | awk -F - '{ print $5 }')
+	local curr_branch_ver=$(get_version_component_range 1-2 ${curr_config_ver})
+
+	# If we're using multislot, just run gcc-config if we're installing
+	# to the same profile as the current one.
+	use multislot && return $([[ ${curr_config_ver} == ${GCC_CONFIG_VER} ]])
+
+	if [[ ${curr_branch_ver} == ${GCC_BRANCH_VER} ]] ; then
+		return 0
+	else
+		# if we're installing a genuinely different compiler version,
+		# we should probably tell the user -how- to switch to the new
+		# gcc version, since we're not going to do it for him/her.
+		# We don't want to switch from say gcc-3.3 to gcc-3.4 right in
+		# the middle of an emerge operation (like an 'emerge -e world'
+		# which could install multiple gcc versions).
+		einfo "The current gcc config appears valid, so it will not be"
+		einfo "automatically switched for you.  If you would like to"
+		einfo "switch to the newly installed gcc version, do the"
+		einfo "following:"
+		echo
+		einfo "eselect compiler set <profile>"
+		echo
+		ebeep
+		return 1
+	fi
+}
+
+do_eselect_compiler() {
+	if ! should_we_eselect_compiler; then
+		eselect compiler update
+		return 0
+	fi
+
+	for abi in $(get_all_abis) ; do
+		local ctarget=$(get_abi_CHOST ${abi})
+		local current_specs=$(env -i eselect compiler show ${ctarget} | cut -f2 -d/)
+
+		if [[ -n ${current_specs} && ${current_specs} != "(none)" ]] && eselect compiler set ${CTARGET}-${GCC_CONFIG_VER}/${current_specs} &> /dev/null; then
+			einfo "The following compiler profile has been activated based on your previous profile:"
+			einfo "${CTARGET}-${GCC_CONFIG_VER}/${current_specs}"
+		else
+			# We couldn't choose based on the old specs, so fall back on vanilla/hardened based on USE
+
+			local spec
+			if use hardened ; then
+				spec="hardened"
+			else
+				spec="vanilla"
+			fi
+
+			local profile
+			local isset=0
+			for profile in "${current_specs%-*}-${spec}" "${abi}-${spec}" "${spec}" ; do
+				if eselect compiler set ${CTARGET}-${GCC_CONFIG_VER}/${profile} &> /dev/null ; then
+					ewarn "The newly installed version of gcc does not have a profile that matches the name of your"
+					ewarn "currently selected profile for ${ctarget}, so we have enabled the following instead:"
+					ewarn "${CTARGET}-${GCC_CONFIG_VER}/${profile}"
+					ewarn "If this is incorrect, please use 'eselect compiler set' to"
+					ewarn "select another profile."
+
+					isset=1
+					break
+				fi
+			done
+
+			if [[ ${isset} == 0 ]] ; then
+				eerror "We were not able to automatically set the current compiler for ${ctarget}"
+				eerror "to your newly emerged gcc.  Please use 'eselect compiler set'"
+				eerror "to select your compiler."
+			fi
+		fi
+	done
+}
+
+# This function allows us to gentoo-ize gcc's version number and bugzilla
+# URL without needing to use patches.
+#
+# Travis Tilley <lv@gentoo.org> (02 Sep 2004)
+#
+gcc_version_patch() {
+	[[ -z $1 ]] && die "no arguments to gcc_version_patch"
+
+	if grep -qs VERSUFFIX "${S}"/gcc/version.c ; then
+		sed -i -e "s~VERSUFFIX \"\"~VERSUFFIX \" ($2)\"~" \
+			"${S}"/gcc/version.c || die "failed to update VERSUFFIX with Gentoo branding"
+	else
+		version_string="$1 ($2)"
+		sed -i -e "s~\(const char version_string\[\] = \"\).*\(\".*\)~\1$version_string\2~" \
+			"${S}"/gcc/version.c || die "failed to update version.c with Gentoo branding."
+	fi
+	sed -i -e 's~gcc\.gnu\.org\/bugs\.html~bugs\.gentoo\.org\/~' \
+		"${S}"/gcc/version.c || die "Failed to change the bug URL"
+}
+
+# The purpose of this DISGUSTING gcc multilib hack is to allow 64bit libs
+# to live in lib instead of lib64 where they belong, with 32bit libraries
+# in lib32. This hack has been around since the beginning of the amd64 port,
+# and we're only now starting to fix everything that's broken. Eventually
+# this should go away.
+#
+# Travis Tilley <lv@gentoo.org> (03 Sep 2004)
+#
+disgusting_gcc_multilib_HACK() {
+	local config
+	local libdirs
+	if has_multilib_profile ; then
+		case $(tc-arch) in
+			amd64)
+				config="i386/t-linux64"
+				libdirs="../$(get_abi_LIBDIR amd64) ../$(get_abi_LIBDIR x86)" \
+			;;
+			ppc64)
+				config="rs6000/t-linux64"
+				libdirs="../$(get_abi_LIBDIR ppc64) ../$(get_abi_LIBDIR ppc)" \
+			;;
+		esac
+	else
+		# Remove this hunk when amd64's 2004.3 is purged from portage.
+		use amd64 || die "Your profile is no longer supported by portage."
+		config="i386/t-linux64"
+		libdirs="../$(get_libdir) ../$(get_multilibdir)"
+	fi
+
+	einfo "updating multilib directories to be: ${libdirs}"
+	sed -i -e "s:^MULTILIB_OSDIRNAMES.*:MULTILIB_OSDIRNAMES = ${libdirs}:" "${S}"/gcc/config/${config}
+}
+
+disable_multilib_libjava() {
+	if is_gcj ; then
+		# We dont want a multilib libjava, so lets use this hack taken from fedora
+		pushd "${S}" > /dev/null
+		sed -i -e 's/^all: all-redirect/ifeq (\$(MULTISUBDIR),)\nall: all-redirect\nelse\nall:\n\techo Multilib libjava build disabled\nendif/' libjava/Makefile.in
+		sed -i -e 's/^install: install-redirect/ifeq (\$(MULTISUBDIR),)\ninstall: install-redirect\nelse\ninstall:\n\techo Multilib libjava install disabled\nendif/' libjava/Makefile.in
+		sed -i -e 's/^check: check-redirect/ifeq (\$(MULTISUBDIR),)\ncheck: check-redirect\nelse\ncheck:\n\techo Multilib libjava check disabled\nendif/' libjava/Makefile.in
+		sed -i -e 's/^all: all-recursive/ifeq (\$(MULTISUBDIR),)\nall: all-recursive\nelse\nall:\n\techo Multilib libjava build disabled\nendif/' libjava/Makefile.in
+		sed -i -e 's/^install: install-recursive/ifeq (\$(MULTISUBDIR),)\ninstall: install-recursive\nelse\ninstall:\n\techo Multilib libjava install disabled\nendif/' libjava/Makefile.in
+		sed -i -e 's/^check: check-recursive/ifeq (\$(MULTISUBDIR),)\ncheck: check-recursive\nelse\ncheck:\n\techo Multilib libjava check disabled\nendif/' libjava/Makefile.in
+		popd > /dev/null
+	fi
+}
+
+fix_libtool_libdir_paths() {
+	local dirpath
+	for archive in $* ; do
+		dirpath=$(dirname ${archive} | sed -e "s:^${D}::")
+		sed -i ${archive} -e "s:^libdir.*:libdir=\'${dirpath}\':"
+	done
+}
+
+is_multilib() {
+	[[ ${GCCMAJOR} < 3 ]] && return 1
+	case ${CTARGET} in
+		i[345a76]86*|mips64*|powerpc64*|s390x*|sparc64*|x86_64*)
+			has_multilib_profile || use multilib ;;
+		*)	false ;;
+	esac
+}
+
+is_cxx() {
+	gcc-lang-supported 'c++' || return 1
+	use build && return 1
+	! use nocxx
+}
+
+is_f77() {
+	gcc-lang-supported f77 || return 1
+	use build && return 1
+	use fortran
+}
+
+is_f95() {
+	gcc-lang-supported f95 || return 1
+	use build && return 1
+	use fortran
+}
+
+is_fortran() {
+	gcc-lang-supported fortran || return 1
+	use build && return 1
+	use fortran
+}
+
+is_gcj() {
+	gcc-lang-supported java || return 1
+	use build && return 1
+	use gcj
+}
+
+is_objc() {
+	gcc-lang-supported objc || return 1
+	use build && return 1
+	use objc
+}
+
+is_objcxx() {
+	gcc-lang-supported 'obj-c++' || return 1
+	use build && return 1
+	use objc++
+}
+
+is_ada() {
+	gcc-lang-supported ada || return 1
+	use build && return 1
+	use ada
+}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/Manifest b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/Manifest
new file mode 100644
index 0000000..5e4aaf1
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/Manifest
@@ -0,0 +1,164 @@
+AUX 3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch 563 RMD160 8d78b1270682050dd6e778e8d37aa0fa1cdd6fca SHA1 9be76babe84c50d2bbe8d0ce4e6ffa9c59264970 SHA256 abf20019827d50b4e4fa6bd27803083930a79a31ba7392ddf4fa3fcb5a2aee42
+MD5 17b3190d64e34ed7709d022b326d08ae files/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch 563
+RMD160 8d78b1270682050dd6e778e8d37aa0fa1cdd6fca files/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch 563
+SHA256 abf20019827d50b4e4fa6bd27803083930a79a31ba7392ddf4fa3fcb5a2aee42 files/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch 563
+AUX 3.4.1/gcc-3.4.1-mips-n32only.patch 614 RMD160 a629e12dc99f1bcbea60bc69eee5c3ffb7be8ddc SHA1 509b17d58acc232de7ef64666bccfb083638d3e5 SHA256 f75cbf7aab59b73f23f2a6b327f9c00bfa87f38a67a054c4aa5637dcbb8dad1e
+MD5 7cb2138ac2df6f8674d19974e966a45b files/3.4.1/gcc-3.4.1-mips-n32only.patch 614
+RMD160 a629e12dc99f1bcbea60bc69eee5c3ffb7be8ddc files/3.4.1/gcc-3.4.1-mips-n32only.patch 614
+SHA256 f75cbf7aab59b73f23f2a6b327f9c00bfa87f38a67a054c4aa5637dcbb8dad1e files/3.4.1/gcc-3.4.1-mips-n32only.patch 614
+AUX 3.4.1/gcc-3.4.1-mips-n64only.patch 614 RMD160 dae00afd5ffd41e0a66a0e42e778098b25fc6303 SHA1 31d5c6f6447beb3587b6b99142e77db80a16f948 SHA256 4e94950bdaec5d089af8a60471e75dd1bf117a2eff9867aa95ebc7800dcdb6c7
+MD5 aa8e15a63d797df37bbd4e489ed0267f files/3.4.1/gcc-3.4.1-mips-n64only.patch 614
+RMD160 dae00afd5ffd41e0a66a0e42e778098b25fc6303 files/3.4.1/gcc-3.4.1-mips-n64only.patch 614
+SHA256 4e94950bdaec5d089af8a60471e75dd1bf117a2eff9867aa95ebc7800dcdb6c7 files/3.4.1/gcc-3.4.1-mips-n64only.patch 614
+AUX 3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch 12951 RMD160 fa7caaf9b41ed22ed5ccb1649c693248895ec3fb SHA1 cc60d62597865fef56844bc3e92640f2c64a98db SHA256 8cef3779bc962b9a9c20daabea28791514b6f54824659e2f5824c493cdc3f6c7
+MD5 d49acaf7a8dc1f939f4d05cee97ac3a5 files/3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch 12951
+RMD160 fa7caaf9b41ed22ed5ccb1649c693248895ec3fb files/3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch 12951
+SHA256 8cef3779bc962b9a9c20daabea28791514b6f54824659e2f5824c493cdc3f6c7 files/3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch 12951
+AUX 3.4.2/gcc-3.4.x-mips-add-march-r10k.patch 14248 RMD160 25f72003b241836ec3e08ae4108a39b0ffd9b170 SHA1 abc47bce08334eafc65d167cfdbaaa0c68663248 SHA256 10d6947954f03145d8ac16f497826cf25583d37f0e1e63b9df1a33d91f59e2c8
+MD5 b2922cfe76692e7d2b373a0a255f405e files/3.4.2/gcc-3.4.x-mips-add-march-r10k.patch 14248
+RMD160 25f72003b241836ec3e08ae4108a39b0ffd9b170 files/3.4.2/gcc-3.4.x-mips-add-march-r10k.patch 14248
+SHA256 10d6947954f03145d8ac16f497826cf25583d37f0e1e63b9df1a33d91f59e2c8 files/3.4.2/gcc-3.4.x-mips-add-march-r10k.patch 14248
+AUX 3.4.3/libffi-nogcj-lib-path-fix.patch 1691 RMD160 d3a9c9af4972232cd58986ad1d91fed0291c67ca SHA1 69c5a1aea1e5328c73aad52dd1f302c63b84390f SHA256 030e2c9f31b325ea975792bdfee88272d1065b8794511410dc30bd2caf8b3451
+MD5 3f6d070c2a4a899e7d879fdb55eecba4 files/3.4.3/libffi-nogcj-lib-path-fix.patch 1691
+RMD160 d3a9c9af4972232cd58986ad1d91fed0291c67ca files/3.4.3/libffi-nogcj-lib-path-fix.patch 1691
+SHA256 030e2c9f31b325ea975792bdfee88272d1065b8794511410dc30bd2caf8b3451 files/3.4.3/libffi-nogcj-lib-path-fix.patch 1691
+AUX 3.4.3/libffi-without-libgcj.patch 1658 RMD160 b0911c754cf76bff624dd9a572e2a5a30a5a2283 SHA1 1242b5b5c3ca07a399379d8378406715b7e12ebc SHA256 41fd051cc16b61da4abf4f696f13b8b574fce76c65d1a731de3dd0d39f335037
+MD5 007c62d92efd70fd44c4d2e6a326036b files/3.4.3/libffi-without-libgcj.patch 1658
+RMD160 b0911c754cf76bff624dd9a572e2a5a30a5a2283 files/3.4.3/libffi-without-libgcj.patch 1658
+SHA256 41fd051cc16b61da4abf4f696f13b8b574fce76c65d1a731de3dd0d39f335037 files/3.4.3/libffi-without-libgcj.patch 1658
+AUX 3.4.3/libssp.patch 2029 RMD160 583053708d359d2aa5f0889bd3da91c4a2a32b0e SHA1 6acc8424d4580d2eba4e08dfd9f86d04261119cd SHA256 bab3ad94911d856fa8abd1d69b89cd4b478d2697acc1b596e83bd05e6b0d1f54
+MD5 7434140298091f759eba5e9706264130 files/3.4.3/libssp.patch 2029
+RMD160 583053708d359d2aa5f0889bd3da91c4a2a32b0e files/3.4.3/libssp.patch 2029
+SHA256 bab3ad94911d856fa8abd1d69b89cd4b478d2697acc1b596e83bd05e6b0d1f54 files/3.4.3/libssp.patch 2029
+AUX 3.4.4/gcc-3.4.4-cross-compile.patch 1912 RMD160 40c62da68d62326bc77f0ce37d163314f095576b SHA1 53ab64bbad7b5fdad4479f3b8a3e124cbe7b437f SHA256 f8bc4cb8cc012f40f9a988ed8344e9e75df5cb3714d98a2eb19e5320e32c7724
+MD5 520c8e6799b5c4bff0fdcb81e81fbe88 files/3.4.4/gcc-3.4.4-cross-compile.patch 1912
+RMD160 40c62da68d62326bc77f0ce37d163314f095576b files/3.4.4/gcc-3.4.4-cross-compile.patch 1912
+SHA256 f8bc4cb8cc012f40f9a988ed8344e9e75df5cb3714d98a2eb19e5320e32c7724 files/3.4.4/gcc-3.4.4-cross-compile.patch 1912
+AUX 3.4.4/gcc-3.4.4-softfloat.patch 5242 RMD160 7607a94c3bbb599704153bb0041f369abff4a5f4 SHA1 e0fdef7851bce8f1958d49c2af0d62e5a46409e7 SHA256 fd4bf1bf8e78e2c7f041866594351be359341db876d81c0e9ad089db8e84a516
+MD5 2c355d808b490994c6566b10f3c0ba27 files/3.4.4/gcc-3.4.4-softfloat.patch 5242
+RMD160 7607a94c3bbb599704153bb0041f369abff4a5f4 files/3.4.4/gcc-3.4.4-softfloat.patch 5242
+SHA256 fd4bf1bf8e78e2c7f041866594351be359341db876d81c0e9ad089db8e84a516 files/3.4.4/gcc-3.4.4-softfloat.patch 5242
+AUX 4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch 482 RMD160 d72d1b8687490bf5517c0f24b4d7d578069a7201 SHA1 1aa636426ccbda7399dc521600eb6074ae0da18c SHA256 539c869a6f840a1322da0da825b0dfb45d968b04ccc7ac23c5c6cc3dd78b96b9
+MD5 24e6c277b836127491ce8f7e7f03f790 files/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch 482
+RMD160 d72d1b8687490bf5517c0f24b4d7d578069a7201 files/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch 482
+SHA256 539c869a6f840a1322da0da825b0dfb45d968b04ccc7ac23c5c6cc3dd78b96b9 files/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch 482
+AUX 4.0.2/gcc-4.0.2-softfloat.patch 2790 RMD160 c5ad6efdacf01b128db4a1226e254af6f2789330 SHA1 d99d6f940a42be9576195eb851261d3a208b705b SHA256 1525a48bd087c0f0d89db128a16ee106252daf7bf34ffb45867d30f6c452de2c
+MD5 51eab04de222aa60204d6c3a23f0c3d2 files/4.0.2/gcc-4.0.2-softfloat.patch 2790
+RMD160 c5ad6efdacf01b128db4a1226e254af6f2789330 files/4.0.2/gcc-4.0.2-softfloat.patch 2790
+SHA256 1525a48bd087c0f0d89db128a16ee106252daf7bf34ffb45867d30f6c452de2c files/4.0.2/gcc-4.0.2-softfloat.patch 2790
+AUX 4.1.0/gcc-4.1.0-cross-compile.patch 1134 RMD160 70d7ba1cf19700597b812a08c7dcd72633a25c2a SHA1 d016b84010d2cd049d8974a8fcc1dae02e043d3d SHA256 8ee57285151659793df88e025f1225b401a0c805bfc8d1685e04ef75393a24ab
+MD5 6b71690a4a020aa0604a1f8fad21151b files/4.1.0/gcc-4.1.0-cross-compile.patch 1134
+RMD160 70d7ba1cf19700597b812a08c7dcd72633a25c2a files/4.1.0/gcc-4.1.0-cross-compile.patch 1134
+SHA256 8ee57285151659793df88e025f1225b401a0c805bfc8d1685e04ef75393a24ab files/4.1.0/gcc-4.1.0-cross-compile.patch 1134
+AUX 4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686 RMD160 420e02e85e261759154daf5e3c149344be57af76 SHA1 3f56dce71bf57de5abd4ed7f5549e80946ca3df3 SHA256 7547293b945808f63b70aafed644a43c99e19f82aaf1d2f2df8502d87ab3f01d
+MD5 ab66a2c85bc3324fe4f0729927f63072 files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686
+RMD160 420e02e85e261759154daf5e3c149344be57af76 files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686
+SHA256 7547293b945808f63b70aafed644a43c99e19f82aaf1d2f2df8502d87ab3f01d files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686
+AUX awk/fixlafiles.awk 7865 RMD160 6283a91bfa309a91f46cbff3c1c4f0d848312ba4 SHA1 0bd923243492496eceb8ec1407ed9f4ac5ad8c1a SHA256 9fccd7f4ee7170a8f05d21777974efc3f23072f501cb7d2a8e9eeea15e541249
+MD5 fed3620378df7a876d6709ddf3f7bbec files/awk/fixlafiles.awk 7865
+RMD160 6283a91bfa309a91f46cbff3c1c4f0d848312ba4 files/awk/fixlafiles.awk 7865
+SHA256 9fccd7f4ee7170a8f05d21777974efc3f23072f501cb7d2a8e9eeea15e541249 files/awk/fixlafiles.awk 7865
+AUX awk/fixlafiles.awk-no_gcc_la 8614 RMD160 b2eac0355af83ea2fee02222d1179b23d062ddc2 SHA1 b65717ce21049ba04a4628ceeb662f69797ada40 SHA256 98e1e669906bd5928b695fdcfbf8e56618f12ce9311d31ce1b11dff68d35bb6f
+MD5 44266957a734b05646b0abd91f2aa055 files/awk/fixlafiles.awk-no_gcc_la 8614
+RMD160 b2eac0355af83ea2fee02222d1179b23d062ddc2 files/awk/fixlafiles.awk-no_gcc_la 8614
+SHA256 98e1e669906bd5928b695fdcfbf8e56618f12ce9311d31ce1b11dff68d35bb6f files/awk/fixlafiles.awk-no_gcc_la 8614
+AUX c89 428 RMD160 1030ea2af20b5bb4c2b07668230b3e752ddab035 SHA1 c70119483d984a7c2300947679663fffd5df1419 SHA256 999b40b67f690638f601d76b756d529dd40a4325f42dfd9fd2e629ad0a91947c
+MD5 ddef29c39d1a5d5ac6a5380627309ad5 files/c89 428
+RMD160 1030ea2af20b5bb4c2b07668230b3e752ddab035 files/c89 428
+SHA256 999b40b67f690638f601d76b756d529dd40a4325f42dfd9fd2e629ad0a91947c files/c89 428
+AUX c99 451 RMD160 b0e058d8ad3e2eac5f0e7b6e85583de5b1c4be93 SHA1 939df3f67e73790ae785fddb86a41b3dcf87686a SHA256 474357dd9ce161b6db3ce88a5c0bd1e536a0f40d66a86894d48abe30226ee193
+MD5 b397ff885850ebf98a36fc0b877becbb files/c99 451
+RMD160 b0e058d8ad3e2eac5f0e7b6e85583de5b1c4be93 files/c99 451
+SHA256 474357dd9ce161b6db3ce88a5c0bd1e536a0f40d66a86894d48abe30226ee193 files/c99 451
+AUX fix_libtool_files.sh 1712 RMD160 01788fd6927a9f7bba4a01ec133d6f3494644fe9 SHA1 157be8228ac7338991ae4461ccd3cea7a702565a SHA256 6b47fb8fa34920ca9ccb449396b25205ad8fe307c869a50e5c4442971e8d4d15
+MD5 1acd56209164ab837c5f91723434464e files/fix_libtool_files.sh 1712
+RMD160 01788fd6927a9f7bba4a01ec133d6f3494644fe9 files/fix_libtool_files.sh 1712
+SHA256 6b47fb8fa34920ca9ccb449396b25205ad8fe307c869a50e5c4442971e8d4d15 files/fix_libtool_files.sh 1712
+AUX gcc-spec-env.patch 1478 RMD160 c3b9071296dbb7a37901714ef4db75bf04211381 SHA1 1f3cd57bab7187947d244ca843b7bd485f72c633 SHA256 167f2a1994c51c1c82d62943fb214f13540859dc89fe578632f3b60daf79c289
+MD5 c4045bfa85d8be780affd465be9d8ca8 files/gcc-spec-env.patch 1478
+RMD160 c3b9071296dbb7a37901714ef4db75bf04211381 files/gcc-spec-env.patch 1478
+SHA256 167f2a1994c51c1c82d62943fb214f13540859dc89fe578632f3b60daf79c289 files/gcc-spec-env.patch 1478
+AUX specs/hardened.specs 112 RMD160 172523bc2abfbefc4885fa2e61b9a9a78de9f2a2 SHA1 d582fc41e20fa0c5d1cc80025ea9af274d1c3d62 SHA256 44fc655762ca35c93c8d9b7259191c525a8c096d9fa76a69d8a62afd6a26916a
+MD5 764f3706b9e287900b2cd5aadee2fc14 files/specs/hardened.specs 112
+RMD160 172523bc2abfbefc4885fa2e61b9a9a78de9f2a2 files/specs/hardened.specs 112
+SHA256 44fc655762ca35c93c8d9b7259191c525a8c096d9fa76a69d8a62afd6a26916a files/specs/hardened.specs 112
+AUX specs/hardenednopie.specs 114 RMD160 23bf3e56f372423221f56d916c7e3de75b8ad466 SHA1 087b160481e0ed4a3f0f77ca3ce285f9175a75de SHA256 b0cde68b9031579aa8c4ac7089f9c543b7198ba5831aefcb35bff5be037733be
+MD5 3d2fbf8941bd3f404e29a6ad46832fe4 files/specs/hardenednopie.specs 114
+RMD160 23bf3e56f372423221f56d916c7e3de75b8ad466 files/specs/hardenednopie.specs 114
+SHA256 b0cde68b9031579aa8c4ac7089f9c543b7198ba5831aefcb35bff5be037733be files/specs/hardenednopie.specs 114
+AUX specs/hardenednopiessp.specs 118 RMD160 61e4e32936277471f9d24cb18cc60d31d2f53d76 SHA1 76ac43ca50f9d18dcaf478c17ce2b451f3b5d085 SHA256 457bd3a41d6fd10a896a716745bba0f48a198aaa9f0f763b9815d40141f2795b
+MD5 29b5dc1e06a3b8b629862ebf635b8058 files/specs/hardenednopiessp.specs 118
+RMD160 61e4e32936277471f9d24cb18cc60d31d2f53d76 files/specs/hardenednopiessp.specs 118
+SHA256 457bd3a41d6fd10a896a716745bba0f48a198aaa9f0f763b9815d40141f2795b files/specs/hardenednopiessp.specs 118
+AUX specs/hardenednossp.specs 116 RMD160 0fd5bbbe6c9e784b9070956015a2306cf07803de SHA1 f9a8207f558bcbbb4c3dbb607dce81dafd8f7613 SHA256 d9abfc087b8d1bdcf5ef221dc1f47ea0e698dcae28333c92f1d2c08114f5b208
+MD5 666d4e67ea95513920dd44aff7537f61 files/specs/hardenednossp.specs 116
+RMD160 0fd5bbbe6c9e784b9070956015a2306cf07803de files/specs/hardenednossp.specs 116
+SHA256 d9abfc087b8d1bdcf5ef221dc1f47ea0e698dcae28333c92f1d2c08114f5b208 files/specs/hardenednossp.specs 116
+AUX specs/nopie.specs 213 RMD160 5bcf6b335dbef37bc4e847bb5bb6ecbbcdbf6b92 SHA1 5278b37ac0702c37db5b136898d082ce5574d066 SHA256 3595be07eafc907520d9489c50cab525c51e0201f11fe15d53ff26f658e175fa
+MD5 d34eedf353096764f57ce16888b51926 files/specs/nopie.specs 213
+RMD160 5bcf6b335dbef37bc4e847bb5bb6ecbbcdbf6b92 files/specs/nopie.specs 213
+SHA256 3595be07eafc907520d9489c50cab525c51e0201f11fe15d53ff26f658e175fa files/specs/nopie.specs 213
+AUX specs/nossp.specs 12 RMD160 d3b3142906d9599281d90c17d01d10827ee0e7e4 SHA1 295be72021ee86e40dde675cfb0c8cbc7a75df75 SHA256 18983fbe4692384776029f16a573752882c1e42dab90afc75f5afbc994cc967c
+MD5 5fbdcc1af84f9fca8a18bd2bfbc0122b files/specs/nossp.specs 12
+RMD160 d3b3142906d9599281d90c17d01d10827ee0e7e4 files/specs/nossp.specs 12
+SHA256 18983fbe4692384776029f16a573752882c1e42dab90afc75f5afbc994cc967c files/specs/nossp.specs 12
+AUX specs/nosspall.specs 16 RMD160 c34fc3e2f71b2b1dcad9bc85b5f41e1b310c16b5 SHA1 b488967318bc4cdf7853de70f636557bc15d01b3 SHA256 2773fbfa69b95e0d904514d303aa3bd2b7f7d821d45af80a5b98ec552f7b00e8
+MD5 57d8390f031831d02f599d570994b605 files/specs/nosspall.specs 16
+RMD160 c34fc3e2f71b2b1dcad9bc85b5f41e1b310c16b5 files/specs/nosspall.specs 16
+SHA256 2773fbfa69b95e0d904514d303aa3bd2b7f7d821d45af80a5b98ec552f7b00e8 files/specs/nosspall.specs 16
+AUX specs/noznow.specs 22 RMD160 3391d96ce3f1700692c357b20efaabafb4d5e2b2 SHA1 a74ce341c84bfddac1d8244a201ab31fc092fd8f SHA256 2cbbfd6686e5dc3683c56b059a2e0bd4cb2ee557ff466578aeb22c5d7a0b5996
+MD5 1032edd5469a7f7ad4fc8cc7001f2e75 files/specs/noznow.specs 22
+RMD160 3391d96ce3f1700692c357b20efaabafb4d5e2b2 files/specs/noznow.specs 22
+SHA256 2cbbfd6686e5dc3683c56b059a2e0bd4cb2ee557ff466578aeb22c5d7a0b5996 files/specs/noznow.specs 22
+AUX specs/nozrelro.specs 26 RMD160 e2262ae761f699fc682536fa419a20de8e7c6096 SHA1 d12fef26f2ca9f145f46db01f38a5102095b0cbc SHA256 a01b894e420761f5620eb050200e925a69d5e22b5fb9d34a6dbd1b5ef3e2021f
+MD5 3d7e9e4e50ca5244e15fecbe59aa6bb8 files/specs/nozrelro.specs 26
+RMD160 e2262ae761f699fc682536fa419a20de8e7c6096 files/specs/nozrelro.specs 26
+SHA256 a01b894e420761f5620eb050200e925a69d5e22b5fb9d34a6dbd1b5ef3e2021f files/specs/nozrelro.specs 26
+AUX specs/pie.specs 750 RMD160 d185a98beff101912250f2a4f086f70098af8dd7 SHA1 5759aa1a7a3c5f242c7f274d51811ae9432273c7 SHA256 d74e3200c450d3ffbeae6b63a8464fb6d160dc11ac50f0ad1e90efe975f953b6
+MD5 b66d131ce925f921806321384569b269 files/specs/pie.specs 750
+RMD160 d185a98beff101912250f2a4f086f70098af8dd7 files/specs/pie.specs 750
+SHA256 d74e3200c450d3ffbeae6b63a8464fb6d160dc11ac50f0ad1e90efe975f953b6 files/specs/pie.specs 750
+AUX specs/ssp.specs 148 RMD160 0e1a23ec7c9b6be5687d620fe4c93acb532b5c3c SHA1 7f3739c35c84df458c37d3355ddf50f746bddf1f SHA256 24dddc1260d89411294c60f3464c3b3aa14b8e7f81157a03cdf40d53cb97590a
+MD5 2bf1f08a7e56492b19340fffd7e7a3fd files/specs/ssp.specs 148
+RMD160 0e1a23ec7c9b6be5687d620fe4c93acb532b5c3c files/specs/ssp.specs 148
+SHA256 24dddc1260d89411294c60f3464c3b3aa14b8e7f81157a03cdf40d53cb97590a files/specs/ssp.specs 148
+AUX specs/sspall.specs 65 RMD160 532a77d6f1f86e99b605d76030955450dd458822 SHA1 d04aed2b137292481c2589b2d1bb75e17e726468 SHA256 4ed9dd1c6dfdbaf0828f962ab6249747db6b40bb5be10b33a3ef2b6d262748cc
+MD5 8b13a5ac8728ea9aca9efe3b4cccfaa8 files/specs/sspall.specs 65
+RMD160 532a77d6f1f86e99b605d76030955450dd458822 files/specs/sspall.specs 65
+SHA256 4ed9dd1c6dfdbaf0828f962ab6249747db6b40bb5be10b33a3ef2b6d262748cc files/specs/sspall.specs 65
+AUX specs/vanilla.specs 122 RMD160 d990eb44465510ba55c18fd915d3ab7f9c6f4868 SHA1 459710093610f2c8939507205d9b509b15d4f0c1 SHA256 e7da2a47413a5584900da19b2a89946c3ca4183d46c7af928e50b0052372c01e
+MD5 80ebe9ed2c3fa445f1b0ff76a5e272ee files/specs/vanilla.specs 122
+RMD160 d990eb44465510ba55c18fd915d3ab7f9c6f4868 files/specs/vanilla.specs 122
+SHA256 e7da2a47413a5584900da19b2a89946c3ca4183d46c7af928e50b0052372c01e files/specs/vanilla.specs 122
+AUX specs/znow.specs 29 RMD160 4bbdef1b9adcad566805d3c9b56915b9abb9aaa3 SHA1 fe917e6c54a62ea8a5cb70b0dda6bd6f29b45650 SHA256 995e2a8366dc21db7ead9d8d060be81b812c82ca9c3d772f6c4d80931612f038
+MD5 7bf3f07d91ba8af18258e94b7a08d762 files/specs/znow.specs 29
+RMD160 4bbdef1b9adcad566805d3c9b56915b9abb9aaa3 files/specs/znow.specs 29
+SHA256 995e2a8366dc21db7ead9d8d060be81b812c82ca9c3d772f6c4d80931612f038 files/specs/znow.specs 29
+AUX specs/zrelro.specs 35 RMD160 6b35cd93db30848afc9721dbac2e43b218bc32c7 SHA1 a62078ba0b3b8940409fb7fc510809ebc1ae05a6 SHA256 43e48d9f5f0b99db15bfae2eb0ab2625eaa9a3a8d3d6caf7ca3ac313059f62a4
+MD5 8199831a779335e195f452c133d62eb9 files/specs/zrelro.specs 35
+RMD160 6b35cd93db30848afc9721dbac2e43b218bc32c7 files/specs/zrelro.specs 35
+SHA256 43e48d9f5f0b99db15bfae2eb0ab2625eaa9a3a8d3d6caf7ca3ac313059f62a4 files/specs/zrelro.specs 35
+DIST bounds-checking-gcc-3.4.4-1.00.patch.bz2 815608 RMD160 b5e1d4716a5ab881b5d7742bb6650e0492edce93 SHA1 dad2fea0818e8361eba78ad01020769067cd9c3f SHA256 a29adc9260071f5928f2e491803b73117ee176e4b19b56ce421aa3ca461370b2
+DIST gcc-3.4.5-uclibc-patches-1.1.tar.bz2 70923 RMD160 89e42889420fbab22e418261d248a89ee2bbbe9b SHA1 ee30203bd1528057b7639a7186adc16fbbabf206 SHA256 5b92fac2afe835a127976fdb6602fb5628cf28e67dd19e8289768a3bb8631ec2
+DIST gcc-3.4.6-patches-1.2.tar.bz2 54757 RMD160 d4e1240b9e45b7661b7f8bf4f57bb2c9cac17686 SHA1 be5868d0ba17d0d8952cda5a82064aaca9168cb3 SHA256 43253a8defa6111bd6f107178cc46f425ec81efe0eb26b730c11c422a4d4de26
+DIST gcc-3.4.6-piepatches-v9.0.5.tar.bz2 6723 RMD160 eada7d8d45d9cc1e4547fe16e481c3ca41c8e600 SHA1 9c5dabec7c7b6c3bd58820ed187d22f56307dc85 SHA256 9298df21e95e5c97aa812be4c8d9dd14704cc4578b9d59e25146ab8c9095599e
+DIST gcc-3.4.6-ssp-1.0.tar.bz2 34468 RMD160 0f668e3ffc08297b5ebe3d5cbb9575426008e096 SHA1 d5c6634632b340657e416ecd2ab5b43048c75c23 SHA256 27ff25099ca8617fe2a76cf8ea06acaab39cff9eb91ef64c84971ba324a664e9
+DIST gcc-3.4.6.tar.bz2 28193401 RMD160 b15003368cedc7964f6ceaee0c39ddc43a46c442 SHA1 97b290fdc572c8e490b3b39f243e69bacad23c2b SHA256 7791a601878b765669022b8b3409fba33cc72f9e39340fec8af6d0e6f72dec39
+DIST gcc-4.1.1-patches-1.9.tar.bz2 51152 RMD160 4e9c774c23e5fe96be60de897fee7c3a5a51d942 SHA1 13326fc922d983c4496a0e23d780d04258169863 SHA256 b7d84e319b8cceaa087fa2095f6dbfba34109c7d422ae588d43e2fff41324591
+DIST gcc-4.1.1-piepatches-v9.0.6.tar.bz2 5120 RMD160 7bf6af65708c1633c65beec17bb003d040fe97ad SHA1 44d9675b3df9a9fdb2e06a6dc3b1434108494d6c SHA256 57d82883facc411591c405ff68553c20fe7813df8eca5ede67ca52eb663522c1
+DIST gcc-4.1.1-uclibc-patches-1.1.tar.bz2 20981 RMD160 ca12459f3ec8ee8a9dc5c260bea4bb20d6a80a65 SHA1 c004fbace98a1159115a81f0b733a4a248b2d096 SHA256 f97cf0f9fe52a529b41a78bb5d0d57899805fae00c3e7b2dff87c8192195b6f3
+DIST gcc-4.1.1.tar.bz2 39172003 RMD160 0edeac242d900b075a7e36796380492b5b3c8564 SHA1 a398b95d38b6e35f4c4e02c34c0a3bff79811f8f SHA256 985cbb23a486570a8783395a42a8689218f5218a0ccdd6bec590eef341367bb7
+EBUILD gcc-3.4.6-r3.ebuild 5023 RMD160 5c219c10fd594ddc9def680da716edb7c09d8736 SHA1 2f94b37676e932fb8e97139baa37f065b8364b16 SHA256 38490fa68cb84b77a6cd868257e4700c3ae22d9d55440166889edee2f0273082
+MD5 12e8ce429498cd4768d9464b417380a8 gcc-3.4.6-r3.ebuild 5023
+RMD160 5c219c10fd594ddc9def680da716edb7c09d8736 gcc-3.4.6-r3.ebuild 5023
+SHA256 38490fa68cb84b77a6cd868257e4700c3ae22d9d55440166889edee2f0273082 gcc-3.4.6-r3.ebuild 5023
+EBUILD gcc-4.1.1-r3.ebuild 3009 RMD160 b844335b58de71d0960d16c6c2f2845f604b8b0b SHA1 aeacc440cc7523b1e2f9ce10cd6a5846a1fcaa24 SHA256 9e197718d22736ebfef6d592b7e1e83a6b6516e4792da353a110e2ddb4903e53
+MD5 25730568c870638dd9fcd7bbbc6fd79c gcc-4.1.1-r3.ebuild 3009
+RMD160 b844335b58de71d0960d16c6c2f2845f604b8b0b gcc-4.1.1-r3.ebuild 3009
+SHA256 9e197718d22736ebfef6d592b7e1e83a6b6516e4792da353a110e2ddb4903e53 gcc-4.1.1-r3.ebuild 3009
+MD5 25769cef09f895c0867caf01eb288436 files/digest-gcc-3.4.6-r3 1623
+RMD160 d58cfe1955c20064c63ad0e47eaa15c698fec2e8 files/digest-gcc-3.4.6-r3 1623
+SHA256 69528d8037d0e2019bfc8deae140847116073acc0aa6946fc8bbd934cb47793d files/digest-gcc-3.4.6-r3 1623
+MD5 999cc0e908bc64ab913514396b8859c1 files/digest-gcc-4.1.1-r3 1069
+RMD160 d6ff22ff681d6510bb7dd5f9e02466b2789fdbf0 files/digest-gcc-4.1.1-r3 1069
+SHA256 c16acb71c2d63e66a1f7830fc4c64c9daecb6a8e43d38d1232e753bbc08c9311 files/digest-gcc-4.1.1-r3 1069
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch
new file mode 100644
index 0000000..72bce28
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.0/gcc-3.4.0-cc1-no-stack-protector.patch
@@ -0,0 +1,11 @@
+--- gcc/Makefile.in.mps	2004-06-01 22:06:17.000000000 +0200
++++ gcc/Makefile.in	2004-06-01 22:06:56.000000000 +0200
+@@ -1845,7 +1845,7 @@ $(out_object_file): $(out_file) $(CONFIG
+    output.h $(INSN_ATTR_H) $(SYSTEM_H) toplev.h $(TARGET_H) libfuncs.h \
+    $(TARGET_DEF_H) function.h sched-int.h $(TM_P_H) $(EXPR_H) $(OPTABS_H) \
+    langhooks.h
+-	$(CC) -c $(ALL_CFLAGS) $(ALL_CPPFLAGS) $(INCLUDES) \
++	$(CC) -c $(ALL_CFLAGS) -fno-stack-protector $(ALL_CPPFLAGS) $(INCLUDES) \
+ 		$(out_file) $(OUTPUT_OPTION)
+ 
+ # Build auxiliary files that support ecoff format.
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.1/gcc-3.4.1-mips-n32only.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.1/gcc-3.4.1-mips-n32only.patch
new file mode 100644
index 0000000..6fba12b
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.1/gcc-3.4.1-mips-n32only.patch
@@ -0,0 +1,17 @@
+Index: gcc/config/mips/t-linux64
+===================================================================
+RCS file: /cvsroot/gcc/gcc/gcc/config/mips/t-linux64,v
+retrieving revision 1.3
+diff -u -r1.3 t-linux64
+--- gcc/config/mips/t-linux64	4 Jun 2003 05:35:15 -0000	1.3
++++ gcc/config/mips/t-linux64	10 Aug 2004 18:26:26 -0000
+@@ -1,6 +1,6 @@
+-MULTILIB_OPTIONS = mabi=32/mabi=n32/mabi=64
+-MULTILIB_DIRNAMES = o32 32 64
+-MULTILIB_OSDIRNAMES = ../lib ../lib32 ../lib64
++MULTILIB_OPTIONS = mabi=n32
++MULTILIB_DIRNAMES =
++MULTILIB_OSDIRNAMES =
+ 
+ EXTRA_MULTILIB_PARTS=crtbegin.o crtend.o crtbeginS.o crtendS.o crtbeginT.o
+ 
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.1/gcc-3.4.1-mips-n64only.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.1/gcc-3.4.1-mips-n64only.patch
new file mode 100644
index 0000000..81baf62
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.1/gcc-3.4.1-mips-n64only.patch
@@ -0,0 +1,17 @@
+Index: gcc/config/mips/t-linux64
+===================================================================
+RCS file: /cvsroot/gcc/gcc/gcc/config/mips/t-linux64,v
+retrieving revision 1.3
+diff -u -r1.3 t-linux64
+--- gcc/config/mips/t-linux64	4 Jun 2003 05:35:15 -0000	1.3
++++ gcc/config/mips/t-linux64	10 Aug 2004 18:26:53 -0000
+@@ -1,6 +1,6 @@
+-MULTILIB_OPTIONS = mabi=32/mabi=n32/mabi=64
+-MULTILIB_DIRNAMES = o32 32 64
+-MULTILIB_OSDIRNAMES = ../lib ../lib32 ../lib64
++MULTILIB_OPTIONS = mabi=n64
++MULTILIB_DIRNAMES =
++MULTILIB_OSDIRNAMES =
+ 
+ EXTRA_MULTILIB_PARTS=crtbegin.o crtend.o crtbeginS.o crtendS.o crtbeginT.o
+ 
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch
new file mode 100644
index 0000000..02edc37
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch
@@ -0,0 +1,366 @@
+diff -Naurp gcc-3.4.6.orig/gcc/config/mips/mips.c gcc-3.4.6/gcc/config/mips/mips.c
+--- gcc-3.4.6.orig/gcc/config/mips/mips.c	2005-07-31 04:35:15.000000000 -0400
++++ gcc-3.4.6/gcc/config/mips/mips.c	2006-04-08 17:41:44.000000000 -0400
+@@ -8801,6 +8801,11 @@ mips_reorg (void)
+ 	dbr_schedule (get_insns (), rtl_dump_file);
+       mips_avoid_hazards ();
+     }
++  if (mips_r10k_cache_barrier)
++    {
++      static int r10k_insert_cache_barriers (void);
++      r10k_insert_cache_barriers ();
++    }
+ }
+ 
+ /* We need to use a special set of functions to handle hard floating
+@@ -9661,5 +9666,5 @@ irix_section_type_flags (tree decl, cons
+ }
+ 
+ #endif /* TARGET_IRIX */
+-
++#include "r10k-cacheb.c"
+ #include "gt-mips.h"
+diff -Naurp gcc-3.4.6.orig/gcc/config/mips/mips.h gcc-3.4.6/gcc/config/mips/mips.h
+--- gcc-3.4.6.orig/gcc/config/mips/mips.h	2004-07-14 20:42:49.000000000 -0400
++++ gcc-3.4.6/gcc/config/mips/mips.h	2006-04-08 17:41:01.000000000 -0400
+@@ -122,6 +122,7 @@ extern const char *mips_tune_string;    
+ extern const char *mips_isa_string;	/* for -mips{1,2,3,4} */
+ extern const char *mips_abi_string;	/* for -mabi={32,n32,64} */
+ extern const char *mips_cache_flush_func;/* for -mflush-func= and -mno-flush-func */
++extern const char *mips_r10k_cache_barrier;/* for -mr10k-cache-barrier[={1,2}] */
+ extern int mips_string_length;		/* length of strings for mips16 */
+ extern const struct mips_cpu_info mips_cpu_info_table[];
+ extern const struct mips_cpu_info *mips_arch_info;
+@@ -752,6 +753,10 @@ extern const struct mips_cpu_info *mips_
+       N_("Don't call any cache flush functions"), 0},			\
+   { "flush-func=", &mips_cache_flush_func,				\
+       N_("Specify cache flush function"), 0},				\
++  { "r10k-cache-barrier", &mips_r10k_cache_barrier,			\
++      N_("[=1|2]\tGenerate cache barriers for SGI Indigo2/O2 R10k"), 0},	\
++  { "ip28-cache-barrier", &mips_r10k_cache_barrier,			\
++      N_(""), 0},	\
+ }
+ 
+ /* This is meant to be redefined in the host dependent files.  */
+diff -Naurp gcc-3.4.6.orig/gcc/config/mips/r10k-cacheb.c gcc-3.4.6/gcc/config/mips/r10k-cacheb.c
+--- gcc-3.4.6.orig/gcc/config/mips/r10k-cacheb.c	1969-12-31 19:00:00.000000000 -0500
++++ gcc-3.4.6/gcc/config/mips/r10k-cacheb.c	2006-04-08 17:41:22.000000000 -0400
+@@ -0,0 +1,318 @@
++/* Subroutines used for MIPS code generation: generate cache-barriers
++   for SiliconGraphics IP28 and IP32/R10000 kernel-code.
++   Copyright (C) 2005,2006 peter fuerst, pf@net.alphadv.de.
++
++This file is intended to become part of GCC.
++
++This file is free software; you can redistribute it and/or modify it
++under the terms of the GNU General Public License as published
++by the Free Software Foundation; either version 2, or (at your
++option) any later version.
++
++This file is distributed in the hope that it will be useful,
++but WITHOUT ANY WARRANTY; without even the implied warranty of
++MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++GNU General Public License for more details.
++
++You should have received a copy of the GNU General Public License
++along with GCC; see the file COPYING.  If not, write to the
++Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston,
++MA  02110-1301  USA.  */
++
++
++#define ASM_R10K_CACHE_BARRIER	"cache 0x14,0($sp)"
++
++/* Some macros, ported back from 4.x ... */
++
++#define CALL_P(X)  (GET_CODE (X) == CALL_INSN)
++#define MEM_P(X)   (GET_CODE (X) == MEM)
++#define NONJUMP_INSN_P(X)  (GET_CODE (X) == INSN)
++
++#define SEQ_BEGIN(insn)                        \
++  (INSN_P (insn) && GET_CODE (PATTERN (insn)) == SEQUENCE  \
++   ? XVECEXP (PATTERN (insn), 0, 0)                        \
++   : (insn))
++
++#define SEQ_END(insn)                          \
++  (INSN_P (insn) && GET_CODE (PATTERN (insn)) == SEQUENCE      \
++   ? XVECEXP (PATTERN (insn), 0, XVECLEN (PATTERN (insn), 0) - 1)  \
++   : (insn))
++
++#define FOR_EACH_SUBINSN(subinsn, insn)        \
++  for ((subinsn) = SEQ_BEGIN (insn);       \
++       (subinsn) != NEXT_INSN (SEQ_END (insn));    \
++       (subinsn) = NEXT_INSN (subinsn))
++
++
++/* Nonzero means generate special cache barriers to inhibit speculative
++   stores which might endanger cache coherency or reference invalid
++   addresses (especially on SGI's Indigo2 R10k (IP28)).  */
++const char *mips_r10k_cache_barrier;
++static int TARGET_R10K_SPECEX;
++
++/* Check, whether an instruction is a possibly harmful store instruction,
++   i.e. a store which might cause damage, if speculatively executed. */
++
++/* Return truth value whether the expression `*memx' instantiates
++   (mem:M (not (stackpointer_address or constant))). */
++
++static int
++is_stack_pointer (rtx *x, void *data)
++{
++  return (*x == stack_pointer_rtx);
++}
++
++static int
++check_p_mem_expr (rtx *memx, void *data)
++{
++  if (!MEM_P (*memx) || for_each_rtx (memx, is_stack_pointer, 0))
++    return 0;
++
++  /* Stores/Loads to/from constant addresses can be considered
++     harmless, since:
++     1)  the address is always valid, even when taken speculatively.
++     2a) the location is (hopefully) never used as a dma-target, thus
++         there is no danger of cache-inconsistency.
++     2b) uncached loads/stores are guaranteed to be non-speculative. */
++  if ( CONSTANT_P(XEXP (*memx, 0)) )
++    return 0;
++
++  return 1;
++}
++
++/* Return truth value whether we find (set (mem:M (non_stackpointer_address)
++   ...)) in instruction-pattern `body'.
++   Here we assume, that addressing with the stackpointer accesses neither
++   uncached-aliased nor invalid memory.
++   (May be, this applies to the global pointer and frame pointer also,
++   but its saver not to assume it. And probably it's not worthwile to
++   regard these registers)
++
++   Speculative loads from invalid addresses also cause bus errors...
++   So check for (set (reg:M ...) (mem:M (non_stackpointer_address)))
++   too, unless there is an enhanced bus-error handler. */
++
++static int
++check_p_pattern_for_store (rtx *body, void *data)
++{
++  if (*body && GET_CODE (*body) == SET)
++    {
++      /* Cache-barriers for SET_SRC may be requested as well. */
++      if (!(TARGET_R10K_SPECEX & 2))
++        body = &SET_DEST(*body);
++
++      if (for_each_rtx (body, check_p_mem_expr, 0))
++        return 1;
++
++      /* Don't traverse sub-expressions again. */
++      return -1;
++    }
++  return 0;
++}
++
++static int
++strmatch (const char *txt, const char *match)
++{
++  return !strncmp(txt, match, strlen (match));
++}
++
++/* Check for (ins (set (mem:M (dangerous_address)) ...)) or end of the
++   current basic block in instruction `insn'.
++   `state': (internal) recursion-counter and delayslot-flag
++   Criteria to recognize end-of/next basic-block are reduplicated here
++   from final_scan_insn.
++   return >0: `insn' is critical.
++   return <0: `insn' is at end of current basic-block.
++   return 0:  `insn' can be ignored. */
++
++static int
++check_insn_for_store (int state, rtx insn)
++{
++  rtx body;
++
++  if (INSN_DELETED_P (insn))
++    return 0;
++
++  if (LABEL_P (insn))
++    return -1;
++
++  if (CALL_P (insn) || JUMP_P (insn) || NONJUMP_INSN_P (insn))
++    {
++      body = PATTERN (insn);
++      if (GET_CODE (body) == SEQUENCE)
++        {
++          /* A delayed-branch sequence. */
++          rtx insq;
++          FOR_EACH_SUBINSN(insq, insn)
++            if (! INSN_DELETED_P (insq))
++              {
++                /* |1: delay-slot completely contained in sequence. */
++                if (check_insn_for_store (8+state|1, insq) > 0)
++                  return 1;
++              }
++          /* Following a (conditional) branch sequence, we have a new
++             basic block.  */
++          if (JUMP_P (SEQ_BEGIN(insn)))
++            return -1;
++          /* Handle a call sequence like a conditional branch sequence. */
++          if (CALL_P (SEQ_BEGIN(insn)))
++            return -1;
++        }
++      if (GET_CODE (body) == PARALLEL)
++        if (for_each_rtx (&body, check_p_pattern_for_store, 0))
++           return 1;
++
++      /* Now, only a `simple' INSN or JUMP_INSN remains to be checked. */
++      if (NONJUMP_INSN_P (insn))
++        {
++          /* Since we don't know what's inside, we must take inline
++             assembly to be dangerous. */
++          if (GET_CODE (body) == ASM_INPUT)
++            {
++              const char *t = XSTR (body, 0);
++              if (t && !strmatch(t, ASM_R10K_CACHE_BARRIER))
++                return 1;
++            }
++
++          if (check_p_pattern_for_store (&body, 0) > 0)
++            return 1;
++        }
++      /* Handle a CALL_INSN instruction like a conditional branch. */
++      if (JUMP_P (insn) || CALL_P (insn))
++        {
++          /* Following a (conditional) branch, we have a new basic block. */
++          /* But check insn(s) in delay-slot first.  If we could know in
++             advance that this jump is in `.reorder' mode, where gas will
++             insert a `nop' into the delay-slot, we could skip this test.
++             Since we don't know, always assume `.noreorder', sometimes
++             emitting a cache-barrier, that isn't needed.  */
++          /* But if we are here recursively, already checking a (pseudo-)
++             delay-slot, we are done.  */
++          if ( !(state & 1) )
++            for (insn = NEXT_INSN (insn); insn; insn = NEXT_INSN (insn))
++              {
++                if (LABEL_P (insn) || CALL_P (insn) || JUMP_P (insn))
++                  /* Not in delay-slot at all. */
++                  break;
++
++                if (NONJUMP_INSN_P (insn))
++                  {
++                    if (GET_CODE (PATTERN (insn)) == SEQUENCE)
++                      /* Not in delay-slot at all. */
++                      break;
++
++                    if (check_insn_for_store (8+state|1, insn) > 0)
++                      return 1;
++                    /* We're done anyway. */
++                    break;
++                  }
++                /* skip NOTE,... */;
++              }
++          return -1;
++        }
++    }
++  return 0;
++}
++
++
++/* Scan a basic block, starting with `insn', for a possibly harmful store
++   instruction.  If found, output a cache barrier at the start of this
++   block.  */
++
++static int
++bb_insert_store_cache_barrier (rtx head, rtx nxtb)
++{
++  rtx insn = head;
++
++  if (!insn || insn == nxtb)
++     return 0;
++
++  while ((insn = NEXT_INSN (insn)) && insn != nxtb)
++    {
++      int found;
++
++      if (NOTE_INSN_BASIC_BLOCK_P(insn)) /* See scan_1_bb_for_store() */
++        break;
++      
++      found = check_insn_for_store (0, insn);
++      if (found < 0)
++        break;
++      if (found > 0)
++        {
++          /* found critical store instruction */
++          insn = gen_rtx_ASM_INPUT (VOIDmode,
++                                    ASM_R10K_CACHE_BARRIER "\t"
++                                    ASM_COMMENT_START " Cache Barrier");
++          /* Here we rely on the assumption, that an explicit delay-slot
++             - if any - is already embedded (in a sequence) in 'head'! */
++          insn = emit_insn_after (insn, head);
++          return 1;
++        }
++    }
++  return 0;
++}
++
++
++/* Scan one basic block for a possibly harmful store instruction.
++   If found, insert a cache barrier at the start of this block,
++   return number of inserted cache_barriers. */
++
++static int
++scan_1_bb_for_store (rtx head, rtx end)
++{
++  rtx nxtb;
++  int count;
++
++  /* Note: 'end' is not necessarily reached from 'head' (hidden in
++     SEQUENCE, PARALLEL), but 'nxtb' is. */
++  nxtb = NEXT_INSN (end);
++
++  /* Each basic block starts with zero or more CODE_LABEL(s), followed
++     by one NOTE_INSN_BASIC_BLOCK.
++     Note: bb_head may equal next_insn(bb_end) already ! */
++  while (head && head != nxtb && LABEL_P (head))
++    head = NEXT_INSN (head);
++
++  if (!head || head == nxtb)
++    return 0;
++
++  /* Handle the basic block itself, at most up to next CALL_INSN. */
++  count = bb_insert_store_cache_barrier (head, nxtb);
++
++  /* 1) Handle any CALL_INSN instruction like a conditional branch.
++     2) There may be "basic blocks" in the list, which are no basic blocks
++        at all. (containing CODE_LABELs in the body or gathering several
++        other basic blocks (e.g. bb5 containing bb6,bb7,bb8)). */
++
++  while ((head = NEXT_INSN (head)) && head != nxtb)
++    {
++      if (INSN_DELETED_P (head))
++        continue;
++
++      /* Later we'll be called again for this bb on its own. */
++      if (NOTE_INSN_BASIC_BLOCK_P(head))
++        break;
++
++      if (CALL_P (SEQ_BEGIN (head)) || LABEL_P (head))
++        count += bb_insert_store_cache_barrier (head, nxtb);
++    }
++  return count;
++}
++
++static int
++r10k_insert_cache_barriers (void)
++{
++  if (mips_r10k_cache_barrier)
++    {
++      basic_block bb;
++
++      const char *s = mips_r10k_cache_barrier;
++      /* Default is to protect stores (only). */
++      TARGET_R10K_SPECEX = 1 | strtol(*s != '=' ? s:s+1, (char**)0, 0);
++
++      FOR_EACH_BB (bb)
++        if (0 <= bb->index)
++          scan_1_bb_for_store (BB_HEAD (bb), BB_END (bb));
++    }
++  return 0;
++}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.2/gcc-3.4.x-mips-add-march-r10k.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.2/gcc-3.4.x-mips-add-march-r10k.patch
new file mode 100644
index 0000000..d02a5e9
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.2/gcc-3.4.x-mips-add-march-r10k.patch
@@ -0,0 +1,460 @@
+diff -Naurp gcc-3.4.1.orig/gcc/config/mips/mips.c gcc-3.4.1/gcc/config/mips/mips.c
+--- gcc-3.4.1.orig/gcc/config/mips/mips.c	2004-06-28 09:58:42.000000000 -0400
++++ gcc-3.4.1/gcc/config/mips/mips.c	2004-08-09 22:37:21.983939192 -0400
+@@ -707,6 +707,7 @@ const struct mips_cpu_info mips_cpu_info
+ 
+   /* MIPS IV */
+   { "r8000", PROCESSOR_R8000, 4 },
++  { "r10000", PROCESSOR_R10000, 4 },
+   { "vr5000", PROCESSOR_R5000, 4 },
+   { "vr5400", PROCESSOR_R5400, 4 },
+   { "vr5500", PROCESSOR_R5500, 4 },
+@@ -9401,6 +9402,9 @@ mips_issue_rate (void)
+ {
+   switch (mips_tune)
+     {
++    case PROCESSOR_R10000:
++      return 4;
++
+     case PROCESSOR_R5400:
+     case PROCESSOR_R5500:
+     case PROCESSOR_R7000:
+diff -Naurp gcc-3.4.1.orig/gcc/config/mips/mips.h gcc-3.4.1/gcc/config/mips/mips.h
+--- gcc-3.4.1.orig/gcc/config/mips/mips.h	2004-03-11 16:52:33.000000000 -0500
++++ gcc-3.4.1/gcc/config/mips/mips.h	2004-08-09 01:02:35.042149496 -0400
+@@ -66,6 +66,7 @@ enum processor_type {
+   PROCESSOR_R7000,
+   PROCESSOR_R8000,
+   PROCESSOR_R9000,
++  PROCESSOR_R10000,
+   PROCESSOR_SB1,
+   PROCESSOR_SR71000
+ };
+diff -Naurp gcc-3.4.1.orig/gcc/config/mips/mips.md gcc-3.4.1/gcc/config/mips/mips.md
+--- gcc-3.4.1.orig/gcc/config/mips/mips.md	2004-06-25 03:35:30.000000000 -0400
++++ gcc-3.4.1/gcc/config/mips/mips.md	2004-08-09 04:55:10.158649320 -0400
+@@ -103,6 +103,7 @@
+ ;; arith	integer arithmetic instruction
+ ;; darith	double precision integer arithmetic instructions
+ ;; const	load constant
++;; shift        integer shift
+ ;; imul		integer multiply
+ ;; imadd	integer multiply-add
+ ;; idiv		integer divide
+@@ -120,7 +121,7 @@
+ ;; multi	multiword sequence (or user asm statements)
+ ;; nop		no operation
+ (define_attr "type"
+-  "unknown,branch,jump,call,load,store,prefetch,prefetchx,move,condmove,xfer,hilo,const,arith,darith,imul,imadd,idiv,icmp,fadd,fmul,fmadd,fdiv,fabs,fneg,fcmp,fcvt,fsqrt,frsqrt,multi,nop"
++  "unknown,branch,jump,call,load,store,prefetch,prefetchx,move,condmove,xfer,hilo,const,arith,darith,shift,imul,imadd,idiv,icmp,fadd,fmul,fmadd,fdiv,fabs,fneg,fcmp,fcvt,fsqrt,frsqrt,multi,nop"
+   (cond [(eq_attr "jal" "!unset") (const_string "call")
+ 	 (eq_attr "got" "load") (const_string "load")]
+ 	(const_string "unknown")))
+@@ -214,7 +215,7 @@
+ ;; Attribute describing the processor.  This attribute must match exactly
+ ;; with the processor_type enumeration in mips.h.
+ (define_attr "cpu"
+-  "default,4kc,5kc,20kc,m4k,r3000,r3900,r6000,r4000,r4100,r4111,r4120,r4300,r4600,r4650,r5000,r5400,r5500,r7000,r8000,r9000,sb1,sr71000"
++  "default,4kc,5kc,20kc,m4k,r3000,r3900,r6000,r4000,r4100,r4111,r4120,r4300,r4600,r4650,r5000,r5400,r5500,r7000,r8000,r9000,r10000,sb1,sr71000"
+   (const (symbol_ref "mips_tune")))
+ 
+ ;; The type of hardware hazard associated with this instruction.
+@@ -305,12 +306,12 @@
+ 
+ (define_function_unit "memory" 1 0
+   (and (eq_attr "type" "load")
+-       (eq_attr "cpu" "!r3000,r3900,r4600,r4650,r4100,r4120,r4300,r5000"))
++       (eq_attr "cpu" "!r3000,r3900,r4600,r4650,r4100,r4120,r4300,r5000,r10000"))
+   3 0)
+ 
+ (define_function_unit "memory" 1 0
+   (and (eq_attr "type" "load")
+-       (eq_attr "cpu" "r3000,r3900,r4600,r4650,r4100,r4120,r4300,r5000"))
++       (eq_attr "cpu" "r3000,r3900,r4600,r4650,r4100,r4120,r4300,r5000,r10000"))
+   2 0)
+ 
+ (define_function_unit "memory"   1 0 (eq_attr "type" "store") 1 0)
+@@ -323,7 +324,7 @@
+ 
+ (define_function_unit "imuldiv"  1 0
+   (and (eq_attr "type" "imul,imadd")
+-       (eq_attr "cpu" "!r3000,r3900,r4000,r4600,r4650,r4100,r4120,r4300,r5000"))
++       (eq_attr "cpu" "!r3000,r3900,r4000,r4600,r4650,r4100,r4120,r4300,r5000,r10000"))
+   17 17)
+ 
+ ;; On them mips16, we want to stronly discourage a mult from appearing
+@@ -375,7 +376,7 @@
+ 
+ (define_function_unit "imuldiv"  1 0
+   (and (eq_attr "type" "idiv")
+-       (eq_attr "cpu" "!r3000,r3900,r4000,r4600,r4650,r4100,r4120,r4300,r5000"))
++       (eq_attr "cpu" "!r3000,r3900,r4000,r4600,r4650,r4100,r4120,r4300,r5000,r10000"))
+   38 38)
+ 
+ (define_function_unit "imuldiv"  1 0
+@@ -424,6 +425,40 @@
+        (and (eq_attr "mode" "DI") (eq_attr "cpu" "r5000")))
+   68 68)
+ 
++;; R10000 has 2 integer ALUs
++(define_function_unit "alu" 2 0
++  (and (eq_attr "type" "arith,darith,shift")
++       (eq_attr "cpu" "r10000"))
++  1 0)
++
++;; Only ALU1 can do shifts.  We model shifts as an additional unit
++(define_function_unit "alu1" 1 0
++  (and (eq_attr "type" "shift")
++       (eq_attr "cpu" "r10000"))
++  1 0)
++
++;; only ALU2 does multiplications and divisions
++(define_function_unit "alu2"  1 0
++  (and (eq_attr "type" "imul")
++       (and (eq_attr "mode" "SI") (eq_attr "cpu" "r10000")))
++  6 6)
++
++(define_function_unit "alu2"  1 0
++  (and (eq_attr "type" "imul")
++       (and (eq_attr "mode" "DI") (eq_attr "cpu" "r10000")))
++  10 10)
++
++(define_function_unit "alu2"  1 0
++  (and (eq_attr "type" "idiv")
++       (and (eq_attr "mode" "SI") (eq_attr "cpu" "r10000")))
++  35 35)
++
++(define_function_unit "alu2"  1 0
++  (and (eq_attr "type" "idiv")
++       (and (eq_attr "mode" "DI") (eq_attr "cpu" "r10000")))
++  67 67)
++
++
+ ;; The R4300 does *NOT* have a separate Floating Point Unit, instead
+ ;; the FP hardware is part of the normal ALU circuitry.  This means FP
+ ;; instructions affect the pipe-line, and no functional unit
+@@ -432,11 +467,11 @@
+ ;; instructions to be processed in the "imuldiv" unit.
+ 
+ (define_function_unit "adder" 1 1
+-  (and (eq_attr "type" "fcmp") (eq_attr "cpu" "!r3000,r3900,r6000,r4300,r5000"))
++  (and (eq_attr "type" "fcmp") (eq_attr "cpu" "!r3000,r3900,r6000,r4300,r5000,r10000"))
+   3 0)
+ 
+ (define_function_unit "adder" 1 1
+-  (and (eq_attr "type" "fcmp") (eq_attr "cpu" "r3000,r3900,r6000"))
++  (and (eq_attr "type" "fcmp") (eq_attr "cpu" "r3000,r3900,r6000,r10000"))
+   2 0)
+ 
+ (define_function_unit "adder" 1 1
+@@ -444,7 +479,7 @@
+   1 0)
+ 
+ (define_function_unit "adder" 1 1
+-  (and (eq_attr "type" "fadd") (eq_attr "cpu" "!r3000,r3900,r6000,r4300"))
++  (and (eq_attr "type" "fadd") (eq_attr "cpu" "!r3000,r3900,r6000,r4300,r10000"))
+   4 0)
+ 
+ (define_function_unit "adder" 1 1
+@@ -456,6 +491,10 @@
+   3 0)
+ 
+ (define_function_unit "adder" 1 1
++  (and (eq_attr "type" "fadd,fmadd") (eq_attr "cpu" "r10000"))
++  2 0)
++
++(define_function_unit "adder" 1 1
+   (and (eq_attr "type" "fabs,fneg")
+        (eq_attr "cpu" "!r3000,r3900,r4600,r4650,r4300,r5000"))
+   2 0)
+@@ -467,7 +506,7 @@
+ (define_function_unit "mult" 1 1
+   (and (eq_attr "type" "fmul")
+        (and (eq_attr "mode" "SF")
+-	    (eq_attr "cpu" "!r3000,r3900,r6000,r4600,r4650,r4300,r5000")))
++	    (eq_attr "cpu" "!r3000,r3900,r6000,r4600,r4650,r4300,r5000,r10000")))
+   7 0)
+ 
+ (define_function_unit "mult" 1 1
+@@ -487,7 +526,7 @@
+ 
+ (define_function_unit "mult" 1 1
+   (and (eq_attr "type" "fmul")
+-       (and (eq_attr "mode" "DF") (eq_attr "cpu" "!r3000,r3900,r6000,r4300,r5000")))
++       (and (eq_attr "mode" "DF") (eq_attr "cpu" "!r3000,r3900,r6000,r4300,r5000,r10000")))
+   8 0)
+ 
+ (define_function_unit "mult" 1 1
+@@ -500,10 +539,14 @@
+        (and (eq_attr "mode" "DF") (eq_attr "cpu" "r6000")))
+   6 0)
+ 
++(define_function_unit "mult" 1 1
++  (and (eq_attr "type" "fmul,fmadd") (eq_attr "cpu" "r10000"))
++  2 0)
++
+ (define_function_unit "divide" 1 1
+   (and (eq_attr "type" "fdiv")
+        (and (eq_attr "mode" "SF")
+-	    (eq_attr "cpu" "!r3000,r3900,r6000,r4600,r4650,r4300,r5000")))
++	    (eq_attr "cpu" "!r3000,r3900,r6000,r4600,r4650,r4300,r5000,r10000")))
+   23 0)
+ 
+ (define_function_unit "divide" 1 1
+@@ -529,7 +572,7 @@
+ (define_function_unit "divide" 1 1
+   (and (eq_attr "type" "fdiv")
+        (and (eq_attr "mode" "DF")
+-	    (eq_attr "cpu" "!r3000,r3900,r6000,r4600,r4650,r4300")))
++	    (eq_attr "cpu" "!r3000,r3900,r6000,r4600,r4650,r4300,r10000")))
+   36 0)
+ 
+ (define_function_unit "divide" 1 1
+@@ -547,10 +590,21 @@
+        (and (eq_attr "mode" "DF") (eq_attr "cpu" "r4600,r4650")))
+   61 0)
+ 
++;; divisions keep multiplier busy on R10000
++(define_function_unit "mult" 1 1
++  (and (eq_attr "type" "fdiv") 
++       (and (eq_attr "mode" "SF") (eq_attr "cpu" "r10000")))
++  12 14)
++
++(define_function_unit "mult" 1 1
++  (and (eq_attr "type" "fdiv") 
++       (and (eq_attr "mode" "DF") (eq_attr "cpu" "r10000")))
++  19 21)
++
+ ;;; ??? Is this number right?
+ (define_function_unit "divide" 1 1
+   (and (eq_attr "type" "fsqrt,frsqrt")
+-       (and (eq_attr "mode" "SF") (eq_attr "cpu" "!r4600,r4650,r4300,r5000")))
++       (and (eq_attr "mode" "SF") (eq_attr "cpu" "!r4600,r4650,r4300,r5000,r10000")))
+   54 0)
+ 
+ (define_function_unit "divide" 1 1
+@@ -566,7 +620,7 @@
+ ;;; ??? Is this number right?
+ (define_function_unit "divide" 1 1
+   (and (eq_attr "type" "fsqrt,frsqrt")
+-       (and (eq_attr "mode" "DF") (eq_attr "cpu" "!r4600,r4650,r4300,r5000")))
++       (and (eq_attr "mode" "DF") (eq_attr "cpu" "!r4600,r4650,r4300,r5000,r10000")))
+   112 0)
+ 
+ (define_function_unit "divide" 1 1
+@@ -579,6 +633,17 @@
+        (and (eq_attr "mode" "DF") (eq_attr "cpu" "r5000")))
+   36 0)
+ 
++;; sqrt is executed by multiplier on R10000
++(define_function_unit "mult" 1 1
++  (and (eq_attr "type" "fsqrt")
++       (and (eq_attr "mode" "SF") (eq_attr "cpu" "r10000")))
++  18 20)
++
++(define_function_unit "mult" 1 1
++  (and (eq_attr "type" "fsqrt")
++       (and (eq_attr "mode" "DF") (eq_attr "cpu" "r10000")))
++  33 35)
++
+ ;; R4300 FP instruction classes treated as part of the "imuldiv"
+ ;; functional unit:
+ 
+@@ -3157,7 +3222,7 @@ dsrl\t%3,%3,1\n\
+   "@
+     sll\t%0,%1,0
+     sw\t%1,%0"
+-  [(set_attr "type" "darith,store")
++  [(set_attr "type" "shift,store")
+    (set_attr "mode" "SI")
+    (set_attr "extended_mips16" "yes,*")])
+ 
+@@ -3191,7 +3256,7 @@ dsrl\t%3,%3,1\n\
+                                   (match_operand:DI 2 "small_int" "I"))))]
+   "TARGET_64BIT && !TARGET_MIPS16 && INTVAL (operands[2]) >= 32"
+   "dsra\t%0,%1,%2"
+-  [(set_attr "type" "darith")
++  [(set_attr "type" "shift")
+    (set_attr "mode" "SI")])
+ 
+ (define_insn ""
+@@ -3200,7 +3265,7 @@ dsrl\t%3,%3,1\n\
+                                   (const_int 32))))]
+   "TARGET_64BIT && !TARGET_MIPS16"
+   "dsra\t%0,%1,32"
+-  [(set_attr "type" "darith")
++  [(set_attr "type" "shift")
+    (set_attr "mode" "SI")])
+ 
+ 
+@@ -5241,7 +5306,7 @@ dsrl\t%3,%3,1\n\
+ 
+   return "sll\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"SI")])
+ 
+ (define_insn "ashlsi3_internal1_extend"
+@@ -5255,7 +5320,7 @@ dsrl\t%3,%3,1\n\
+ 
+   return "sll\t%0,%1,%2";
+ }
+-  [(set_attr "type"    "arith")
++  [(set_attr "type"    "shift")
+    (set_attr "mode"    "DI")])
+ 
+ 
+@@ -5273,7 +5338,7 @@ dsrl\t%3,%3,1\n\
+ 
+   return "sll\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"SI")
+    (set_attr_alternative "length"
+ 		[(const_int 4)
+@@ -5374,7 +5439,7 @@ sll\t%L0,%L1,%2\n\
+   operands[2] = GEN_INT (INTVAL (operands[2]) & 0x1f);
+   return "sll\t%M0,%L1,%2\;move\t%L0,%.";
+ }
+-  [(set_attr "type"	"darith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr "length"	"8")])
+ 
+@@ -5429,7 +5494,7 @@ sll\t%L0,%L1,%2\n\
+ 
+   return "sll\t%M0,%M1,%2\;srl\t%3,%L1,%4\;or\t%M0,%M0,%3\;sll\t%L0,%L1,%2";
+ }
+-  [(set_attr "type"	"darith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr "length"	"16")])
+ 
+@@ -5513,7 +5578,7 @@ sll\t%L0,%L1,%2\n\
+ 
+   return "dsll\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")])
+ 
+ (define_insn ""
+@@ -5530,7 +5595,7 @@ sll\t%L0,%L1,%2\n\
+ 
+   return "dsll\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr_alternative "length"
+ 		[(const_int 4)
+@@ -5591,7 +5656,7 @@ sll\t%L0,%L1,%2\n\
+ 
+   return "sra\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"SI")])
+ 
+ (define_insn "ashrsi3_internal2"
+@@ -5608,7 +5673,7 @@ sll\t%L0,%L1,%2\n\
+ 
+   return "sra\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"SI")
+    (set_attr_alternative "length"
+ 		[(const_int 4)
+@@ -5705,7 +5770,7 @@ sra\t%M0,%M1,%2\n\
+   operands[2] = GEN_INT (INTVAL (operands[2]) & 0x1f);
+   return "sra\t%L0,%M1,%2\;sra\t%M0,%M1,31";
+ }
+-  [(set_attr "type"	"darith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr "length"	"8")])
+ 
+@@ -5760,7 +5825,7 @@ sra\t%M0,%M1,%2\n\
+ 
+   return "srl\t%L0,%L1,%2\;sll\t%3,%M1,%4\;or\t%L0,%L0,%3\;sra\t%M0,%M1,%2";
+ }
+-  [(set_attr "type"	"darith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr "length"	"16")])
+ 
+@@ -5844,7 +5909,7 @@ sra\t%M0,%M1,%2\n\
+ 
+   return "dsra\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")])
+ 
+ (define_insn ""
+@@ -5858,7 +5923,7 @@ sra\t%M0,%M1,%2\n\
+ 
+   return "dsra\t%0,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr_alternative "length"
+ 		[(const_int 4)
+@@ -5918,7 +5983,7 @@ sra\t%M0,%M1,%2\n\
+ 
+   return "srl\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"SI")])
+ 
+ (define_insn "lshrsi3_internal2"
+@@ -5935,7 +6000,7 @@ sra\t%M0,%M1,%2\n\
+ 
+   return "srl\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"SI")
+    (set_attr_alternative "length"
+ 		[(const_int 4)
+@@ -6056,7 +6121,7 @@ srl\t%M0,%M1,%2\n\
+   operands[2] = GEN_INT (INTVAL (operands[2]) & 0x1f);
+   return "srl\t%L0,%M1,%2\;move\t%M0,%.";
+ }
+-  [(set_attr "type"	"darith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr "length"	"8")])
+ 
+@@ -6111,7 +6176,7 @@ srl\t%M0,%M1,%2\n\
+ 
+   return "srl\t%L0,%L1,%2\;sll\t%3,%M1,%4\;or\t%L0,%L0,%3\;srl\t%M0,%M1,%2";
+ }
+-  [(set_attr "type"	"darith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr "length"	"16")])
+ 
+@@ -6195,7 +6260,7 @@ srl\t%M0,%M1,%2\n\
+ 
+   return "dsrl\t%0,%1,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")])
+ 
+ (define_insn ""
+@@ -6209,7 +6274,7 @@ srl\t%M0,%M1,%2\n\
+ 
+   return "dsrl\t%0,%2";
+ }
+-  [(set_attr "type"	"arith")
++  [(set_attr "type"	"shift")
+    (set_attr "mode"	"DI")
+    (set_attr_alternative "length"
+ 		[(const_int 4)
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libffi-nogcj-lib-path-fix.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libffi-nogcj-lib-path-fix.patch
new file mode 100644
index 0000000..b5195e4
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libffi-nogcj-lib-path-fix.patch
@@ -0,0 +1,40 @@
+diff -ur gcc-3.4.3/libffi/Makefile.in gcc-3.4.3-ffi-fixes/libffi/Makefile.in
+--- gcc-3.4.3/libffi/Makefile.in	2003-11-22 08:41:32.000000000 -0500
++++ gcc-3.4.3-ffi-fixes/libffi/Makefile.in	2004-11-28 17:31:50.000000000 -0500
+@@ -89,7 +89,7 @@
+ libffi_basedir = @libffi_basedir@
+ tool_include_dir = @tool_include_dir@
+ toolexecdir = @toolexecdir@
+-toolexeclibdir = @toolexeclibdir@
++toolexeclibdir = @toolexeclibdir@/@gcc_version@
+ 
+ AUTOMAKE_OPTIONS = cygnus
+ 
+diff -ur gcc-3.4.3/libffi/configure gcc-3.4.3-ffi-fixes/libffi/configure
+--- gcc-3.4.3/libffi/configure	2004-05-18 05:08:39.000000000 -0400
++++ gcc-3.4.3-ffi-fixes/libffi/configure	2004-11-28 17:48:19.000000000 -0500
+@@ -3800,8 +3800,8 @@
+   toolexecdir='$(exec_prefix)/$(target_alias)'
+   toolexeclibdir='$(toolexecdir)/lib'
+ else
+-  toolexecdir='$(libdir)/gcc-lib/$(target_alias)'
+-  toolexeclibdir='$(libdir)'
++  toolexecdir='$(libdir)/gcc/$(target_alias)'
++  toolexeclibdir='$(libdir)/gcc/$(target_alias)/$(gcc-version)'
+ fi
+ multi_os_directory=`$CC -print-multi-os-directory`
+ case $multi_os_directory in
+diff -ur gcc-3.4.3/libffi/configure.in gcc-3.4.3-ffi-fixes/libffi/configure.in
+--- gcc-3.4.3/libffi/configure.in	2004-04-27 01:10:19.000000000 -0400
++++ gcc-3.4.3-ffi-fixes/libffi/configure.in	2004-11-28 17:40:30.000000000 -0500
+@@ -225,8 +225,8 @@
+   toolexecdir='$(exec_prefix)/$(target_alias)'
+   toolexeclibdir='$(toolexecdir)/lib'
+ else
+-  toolexecdir='$(libdir)/gcc-lib/$(target_alias)'
+-  toolexeclibdir='$(libdir)'
++  toolexecdir='$(libdir)/gcc/$(target_alias)'
++  toolexeclibdir='$(libdir)/gcc/$(target_alias)/$(gcc_version)'
+ fi
+ multi_os_directory=`$CC -print-multi-os-directory`
+ case $multi_os_directory in
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libffi-without-libgcj.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libffi-without-libgcj.patch
new file mode 100644
index 0000000..b270a06
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libffi-without-libgcj.patch
@@ -0,0 +1,40 @@
+--- configure.in.orig	2004-08-03 00:53:36.000000000 +0200
++++ configure.in	2004-08-03 00:52:35.000000000 +0200
+@@ -136,8 +136,7 @@
+ host_tools="texinfo byacc flex bison binutils gas ld gcc sid sim gdb make patch prms send-pr gprof etc expect dejagnu ash bash bzip2 m4 autoconf automake libtool diff rcs fileutils shellutils time textutils wdiff find uudecode hello tar gzip indent recode release sed utils guile perl gawk findutils gettext zip fastjar"
+ 
+ # libgcj represents the runtime libraries only used by gcj.
+-libgcj="target-libffi \
+-	target-boehm-gc \
++libgcj="target-boehm-gc \
+ 	target-zlib \
+ 	target-qthreads \
+ 	target-libjava"
+@@ -150,6 +150,7 @@
+ 		target-libstdc++-v3 \
+ 		target-libf2c \
+ 		${libgcj} \
++		target-libffi \
+ 		target-libobjc"
+ 
+ # these tools are built using the target libraries, and are intended to
+--- configure~	2004-08-28 02:31:04.000000000 +0200
++++ configure	2004-08-28 10:55:28.000000000 +0200
+@@ -876,8 +876,7 @@
+ host_tools="texinfo byacc flex bison binutils gas ld gcc sid sim gdb make patch prms send-pr gprof etc expect dejagnu ash bash bzip2 m4 autoconf automake libtool diff rcs fileutils shellutils time textutils wdiff find uudecode hello tar gzip indent recode release sed utils guile perl gawk findutils gettext zip fastjar"
+ 
+ # libgcj represents the runtime libraries only used by gcj.
+-libgcj="target-libffi \
+-	target-boehm-gc \
++libgcj="target-boehm-gc \
+ 	target-zlib \
+ 	target-qthreads \
+ 	target-libjava"
+@@ -891,6 +890,7 @@
+ 		target-libstdc++-v3 \
+ 		target-libf2c \
+ 		${libgcj} \
++		target-libffi \
+ 		target-libobjc"
+ 
+ # these tools are built using the target libraries, and are intended to
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libssp.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libssp.patch
new file mode 100644
index 0000000..0f9608a
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.3/libssp.patch
@@ -0,0 +1,51 @@
+--- gcc-3.4.3-ssp/gcc/gcc.c	2004-11-14 21:17:58.585438344 -0500
++++ gcc-3.4.3-ssp-libssp/gcc/gcc.c	2004-11-21 13:28:43.699379520 -0500
+@@ -711,7 +711,17 @@
+ static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
+ static const char *asm_spec = ASM_SPEC;
+ static const char *asm_final_spec = ASM_FINAL_SPEC;
++
++#if defined(_LIBSSP_PROVIDES_SSP_)
++#if defined(EFAULT_PIE_SSP) || defined(EFAULT_SSP)
++static const char *link_spec = LINK_SPEC " %{!fno-stack-protector|!fno-stack-protector-all:-lssp %{static: -lc}}";
++#else
++static const char *link_spec = LINK_SPEC " %{fstack-protector|fstack-protector-all:-lssp %{static: -lc}}";
++#endif // defined(EFAULT_PIE_SSP) || defined(EFAULT_SSP)
++#else 
+ static const char *link_spec = LINK_SPEC;
++#endif // defined(_LIBSSP_PROVIDES_SSP_)
++
+ static const char *lib_spec = LIB_SPEC;
+ static const char *libgcc_spec = LIBGCC_SPEC;
+ static const char *endfile_spec = ENDFILE_SPEC;
+diff -Nru gcc-3.4.3-ssp/gcc/libgcc-std.ver gcc-3.4.3-ssp-libssp/gcc/libgcc-std.ver
+--- gcc-3.4.3-ssp/gcc/libgcc-std.ver	2004-11-14 21:18:00.004222656 -0500
++++ gcc-3.4.3-ssp-libssp/gcc/libgcc-std.ver	2004-11-15 19:22:11.802713352 -0500
+@@ -175,7 +175,7 @@
+   _Unwind_SjLj_ForcedUnwind
+   _Unwind_SjLj_Resume
+ 
+-%if !defined(_LIBC_PROVIDES_SSP_)
++%if !defined(_LIBC_PROVIDES_SSP_) && !defined(_LIBSSP_PROVIDES_SSP_)
+   # stack smash handler symbols
+   __guard
+   __stack_smash_handler
+diff -Nru gcc-3.4.3-ssp/gcc/libgcc2.c gcc-3.4.3-ssp-libssp/gcc/libgcc2.c
+--- gcc-3.4.3-ssp/gcc/libgcc2.c	2004-11-14 21:18:00.004222656 -0500
++++ gcc-3.4.3-ssp-libssp/gcc/libgcc2.c	2004-11-15 19:24:58.428382400 -0500
+@@ -1680,7 +1680,7 @@
+ 
+ 
+ #ifdef L_stack_smash_handler
+-#ifndef _LIBC_PROVIDES_SSP_
++#if !defined(_LIBC_PROVIDES_SSP_) && !defined(_LIBSSP_PROVIDES_SSP_)
+ #include <stdio.h>
+ #include <string.h>
+ #include <fcntl.h>
+@@ -1797,5 +1797,5 @@
+ #endif
+   _exit (127);
+ }
+-#endif /* _LIBC_PROVIDES_SSP_ */
++#endif /* _LIBC_PROVIDES_SSP_ && _LIBSSP_PROVIDES_SSP_ */
+ #endif /* L_stack_smash_handler */
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.4/gcc-3.4.4-cross-compile.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.4/gcc-3.4.4-cross-compile.patch
new file mode 100644
index 0000000..0389543
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.4/gcc-3.4.4-cross-compile.patch
@@ -0,0 +1,63 @@
+Some notes on the 'bootstrap with or without libc headers' debate:
+http://linuxfromscratch.org/pipermail/lfs-dev/2005-July/052409.html
+http://gcc.gnu.org/ml/gcc/2005-07/msg01195.html
+
+--- gcc/config/sh/linux.h
++++ gcc/config/sh/linux.h
+@@ -145,6 +145,7 @@
+ /* Do code reading to identify a signal frame, and set the frame
+    state data appropriately.  See unwind-dw2.c for the structs.  */
+ 
++#ifndef inhibit_libc
+ #ifdef IN_LIBGCC2
+ #include <signal.h>
+ #include <sys/ucontext.h>
+@@ -295,6 +296,7 @@
+ 
+ #endif /* defined (__SH5__) */
+ #endif /* IN_LIBGCC2 */
++#endif /* inhibit_libc */
+ 
+ /* For SH3 and SH4, we use a slot of the unwind frame which correspond
+    to a fake register number 16 as a placeholder for the return address
+--- gcc/config/i386/linux.h
++++ gcc/config/i386/linux.h
+@@ -208,6 +208,7 @@
+ /* Do code reading to identify a signal frame, and set the frame
+    state data appropriately.  See unwind-dw2.c for the structs.  */
+ 
++#ifndef inhibit_libc
+ #ifdef IN_LIBGCC2
+ /* There's no sys/ucontext.h for some (all?) libc1, so no
+    signal-turned-exceptions for them.  There's also no configure-run for
+@@ -272,3 +273,4 @@
+   } while (0)
+ #endif /* not USE_GNULIBC_1 */
+ #endif /* IN_LIBGCC2 */
++#endif /* inhibit_libc */
+--- gcc/config/alpha/linux.h
++++ gcc/config/alpha/linux.h
+@@ -73,6 +73,7 @@
+ /* Do code reading to identify a signal frame, and set the frame
+    state data appropriately.  See unwind-dw2.c for the structs.  */
+ 
++#ifndef inhibit_libc
+ #ifdef IN_LIBGCC2
+ #include <signal.h>
+ #include <sys/ucontext.h>
+@@ -122,3 +123,4 @@
+     (FS)->retaddr_column = 64;						\
+     goto SUCCESS;							\
+   } while (0)
++#endif /* inhibit_libc */
+--- gcc/config.gcc
++++ gcc/config.gcc
+@@ -321,7 +321,7 @@
+ 	need_64bit_hwint=yes
+ 	;;
+ # Note the 'l'; we need to be able to match e.g. "shle" or "shl".
+-sh[123456789l]*-*-*)
++sh[123456789lbe]*-*-*)
+ 	cpu_type=sh
+ 	need_64bit_hwint=yes
+ 	;;
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.4/gcc-3.4.4-softfloat.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.4/gcc-3.4.4-softfloat.patch
new file mode 100644
index 0000000..9646bed
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/3.4.4/gcc-3.4.4-softfloat.patch
@@ -0,0 +1,156 @@
+The hunk for gcc/config/arm/t-linux comes from:
+http://gcc.gnu.org/PR14352
+
+The rest is a custom job by Yuri Vasilevski.
+
+The idea here is that we add soft float support into the spec file
+so that we don't have to worry about packages stripping out softfloat
+flags from CFLAGS/CXXFLAGS.
+
+http://bugs.gentoo.org/75585
+
+--- gcc-3.4.4/gcc/config/arm/coff.h
++++ gcc-3.4.4/gcc/config/arm/coff.h
+@@ -31,11 +31,16 @@
+ #define TARGET_VERSION fputs (" (ARM/coff)", stderr)
+ 
+ #undef  TARGET_DEFAULT
+-#define TARGET_DEFAULT (ARM_FLAG_SOFT_FLOAT | ARM_FLAG_APCS_32 | ARM_FLAG_APCS_FRAME | ARM_FLAG_MMU_TRAPS)
++#define TARGET_DEFAULT		\
++	( ARM_FLAG_SOFT_FLOAT	\
++	| ARM_FLAG_VFP		\
++	| ARM_FLAG_APCS_32	\
++	| ARM_FLAG_APCS_FRAME	\
++	| ARM_FLAG_MMU_TRAPS )
+ 
+ #ifndef MULTILIB_DEFAULTS
+ #define MULTILIB_DEFAULTS \
+-  { "marm", "mlittle-endian", "msoft-float", "mapcs-32", "mno-thumb-interwork" }
++  { "marm", "mlittle-endian", "mapcs-32", "mno-thumb-interwork" }
+ #endif
+ 
+ /* This is COFF, but prefer stabs.  */
+--- gcc-3.4.4/gcc/config/arm/elf.h
++++ gcc-3.4.4/gcc/config/arm/elf.h
+@@ -46,7 +46,9 @@
+ 
+ #ifndef SUBTARGET_ASM_FLOAT_SPEC
+ #define SUBTARGET_ASM_FLOAT_SPEC "\
+-%{mapcs-float:-mfloat} %{msoft-float:-mfpu=softfpa}"
++%{mapcs-float:-mfloat} \
++%{mhard-float:-mfpu=fpa} \
++%{!mhard-float: %{msoft-float:-mfpu=softvfp} %{!msoft-float:-mfpu=softvfp}}"
+ #endif
+ 
+ #ifndef ASM_SPEC
+@@ -106,12 +108,17 @@
+ #endif
+ 
+ #ifndef TARGET_DEFAULT
+-#define TARGET_DEFAULT (ARM_FLAG_SOFT_FLOAT | ARM_FLAG_APCS_32 | ARM_FLAG_APCS_FRAME | ARM_FLAG_MMU_TRAPS)
++#define TARGET_DEFAULT		\
++	(ARM_FLAG_SOFT_FLOAT	\
++	| ARM_FLAG_VFP		\
++	| ARM_FLAG_APCS_32	\
++	| ARM_FLAG_APCS_FRAME	\
++	| ARM_FLAG_MMU_TRAPS )
+ #endif
+ 
+ #ifndef MULTILIB_DEFAULTS
+ #define MULTILIB_DEFAULTS \
+-  { "marm", "mlittle-endian", "msoft-float", "mapcs-32", "mno-thumb-interwork", "fno-leading-underscore" }
++  { "marm", "mlittle-endian", "mapcs-32", "mno-thumb-interwork", "fno-leading-underscore" }
+ #endif
+ 
+ #define TARGET_ASM_FILE_START_APP_OFF true
+--- gcc-3.4.4/gcc/config/arm/linux-elf.h
++++ gcc-3.4.4/gcc/config/arm/linux-elf.h
+@@ -44,20 +44,33 @@
+ #define TARGET_LINKER_EMULATION "armelf_linux"
+ #endif
+ 
+-/* Default is to use APCS-32 mode.  */
++/*
++ * Default is to use APCS-32 mode with soft-vfp.
++ * The old Linux default for floats can be achieved with -mhard-float
++ * or with the configure --with-float=hard option.
++ * If -msoft-float or --with-float=soft is used then software float
++ * support will be used just like the default but with the legacy
++ * big endian word ordering for double float representation instead.
++ */
+ #undef  TARGET_DEFAULT
+ #define TARGET_DEFAULT \
+ 		( ARM_FLAG_APCS_32 | \
++		  ARM_FLAG_SOFT_FLOAT | \
++		  ARM_FLAG_VFP | \
+ 		  ARM_FLAG_MMU_TRAPS | \
+ 		  TARGET_ENDIAN_DEFAULT )
+ 
++#undef  SUBTARGET_EXTRA_ASM_SPEC
++#define SUBTARGET_EXTRA_ASM_SPEC "%{mhard-float:-mfpu=fpa} \
++%{!mhard-float: %{msoft-float:-mfpu=softvfp} %{!msoft-float:-mfpu=softvfp}}"
++
+ #define SUBTARGET_CPU_DEFAULT TARGET_CPU_arm6
+ 
+ #define SUBTARGET_EXTRA_LINK_SPEC " -m " TARGET_LINKER_EMULATION " -p"
+ 
+ #undef  MULTILIB_DEFAULTS
+ #define MULTILIB_DEFAULTS \
+-	{ "marm", TARGET_ENDIAN_OPTION, "mhard-float", "mapcs-32", "mno-thumb-interwork" }
++	{ "marm", TARGET_ENDIAN_OPTION, "mapcs-32", "mno-thumb-interwork" }
+ 
+ #define CPP_APCS_PC_DEFAULT_SPEC "-D__APCS_32__"
+ 
+@@ -72,7 +85,7 @@
+    %{shared:-lc} \
+    %{!shared:%{profile:-lc_p}%{!profile:-lc}}"
+ 
+-#define LIBGCC_SPEC "%{msoft-float:-lfloat} -lgcc"
++#define LIBGCC_SPEC "-lgcc"
+ 
+ /* Provide a STARTFILE_SPEC appropriate for GNU/Linux.  Here we add
+    the GNU/Linux magical crtbegin.o file (see crtstuff.c) which
+--- gcc-3.4.4/gcc/config/arm/t-linux
++++ gcc-3.4.4/gcc/config/arm/t-linux
+@@ -4,7 +4,10 @@
+ LIBGCC2_DEBUG_CFLAGS = -g0
+ 
+ LIB1ASMSRC = arm/lib1funcs.asm
+-LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx
++LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx \
++	_negdf2 _addsubdf3 _muldivdf3 _cmpdf2 _unorddf2 _fixdfsi _fixunsdfsi \
++	_truncdfsf2 _negsf2 _addsubsf3 _muldivsf3 _cmpsf2 _unordsf2 \
++	_fixsfsi _fixunssfsi
+ 
+ # MULTILIB_OPTIONS = mhard-float/msoft-float
+ # MULTILIB_DIRNAMES = hard-float soft-float
+--- gcc-3.4.4/gcc/config/arm/unknown-elf.h
++++ gcc-3.4.4/gcc/config/arm/unknown-elf.h
+@@ -30,7 +30,12 @@
+ 
+ /* Default to using APCS-32 and software floating point.  */
+ #ifndef TARGET_DEFAULT
+-#define TARGET_DEFAULT	(ARM_FLAG_SOFT_FLOAT | ARM_FLAG_APCS_32 | ARM_FLAG_APCS_FRAME | ARM_FLAG_MMU_TRAPS)
++#define TARGET_DEFAULT		\
++	( ARM_FLAG_SOFT_FLOAT	\
++	| ARM_FLAG_VFP		\
++	| ARM_FLAG_APCS_32 	\
++	| ARM_FLAG_APCS_FRAME 	\
++	| ARM_FLAG_MMU_TRAPS )
+ #endif
+ 
+ /* Now we define the strings used to build the spec file.  */
+--- gcc-3.4.4/gcc/config/arm/xscale-elf.h
++++ gcc-3.4.4/gcc/config/arm/xscale-elf.h
+@@ -51,9 +51,9 @@
+ 		     
+ #define SUBTARGET_EXTRA_ASM_SPEC "%{!mcpu=*:-mcpu=xscale} \
+   %{mhard-float:-mfpu=fpa} \
+-  %{!mhard-float: %{msoft-float:-mfpu=softfpa;:-mfpu=softvfp}}"
++  %{!mhard-float: %{msoft-float:-mfpu=softvfp} %{!msoft-float:-mfpu=softvfp}}"
+ 
+ #ifndef MULTILIB_DEFAULTS
+ #define MULTILIB_DEFAULTS \
+-  { "mlittle-endian", "mno-thumb-interwork", "marm", "msoft-float" }
++  { "mlittle-endian", "mno-thumb-interwork", "marm" }
+ #endif
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch
new file mode 100644
index 0000000..46c4879
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.0.2/gcc-4.0.2-cc1-no-stack-protector.patch
@@ -0,0 +1,11 @@
+--- gcc/Makefile.in.orig	2006-10-04 07:31:01 +0000
++++ gcc/Makefile.in	2006-10-04 07:32:45 +0000
+@@ -2498,7 +2498,7 @@
+    output.h $(INSN_ATTR_H) $(SYSTEM_H) toplev.h $(TARGET_H) libfuncs.h \
+    $(TARGET_DEF_H) function.h $(SCHED_INT_H) $(TM_P_H) $(EXPR_H) $(OPTABS_H) \
+    langhooks.h
+-	$(CC) -c $(ALL_CFLAGS) $(ALL_CPPFLAGS) \
++	$(CC) -c $(ALL_CFLAGS) -fno-stack-protector $(ALL_CPPFLAGS) \
+ 		$(out_file) $(OUTPUT_OPTION)
+ 
+ # Build auxiliary files that support ecoff format.
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.0.2/gcc-4.0.2-softfloat.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.0.2/gcc-4.0.2-softfloat.patch
new file mode 100644
index 0000000..e49fea6
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.0.2/gcc-4.0.2-softfloat.patch
@@ -0,0 +1,84 @@
+The hunk for gcc/config/arm/t-linux comes from:
+http://gcc.gnu.org/PR14352
+
+The rest is a custom job by Yuri Vasilevski.
+
+The idea here is that we add soft float support into the spec file
+so that we don't have to worry about packages stripping out softfloat
+flags from CFLAGS/CXXFLAGS.
+
+http://bugs.gentoo.org/75585
+
+--- gcc-4.0.2/gcc/config/arm/elf.h
++++ gcc-4.0.2/gcc/config/arm/elf.h
+@@ -45,8 +45,9 @@
+ #endif
+ 
+ #ifndef SUBTARGET_ASM_FLOAT_SPEC
+-#define SUBTARGET_ASM_FLOAT_SPEC "\
+-%{mapcs-float:-mfloat}"
++#define SUBTARGET_ASM_FLOAT_SPEC "%{mapcs-float:-mfloat} \
++  %{mhard-float:-mfpu=fpa} \
++  %{!mhard-float: %{msoft-float:-mfpu=softfpa;:-mfpu=softvfp}}"
+ #endif
+ 
+ #ifndef ASM_SPEC
+@@ -58,8 +59,6 @@
+ %{mapcs-*:-mapcs-%*} \
+ %(subtarget_asm_float_spec) \
+ %{mthumb-interwork:-mthumb-interwork} \
+-%{msoft-float:-mfloat-abi=soft} %{mhard-float:-mfloat-abi=hard} \
+-%{mfloat-abi=*} %{mfpu=*} \
+ %(subtarget_extra_asm_spec)"
+ #endif
+ 
+--- gcc-4.0.2/gcc/config/arm/linux-elf.h
++++ gcc-4.0.2/gcc/config/arm/linux-elf.h
+@@ -32,18 +32,22 @@
+ #endif
+ 
+ #undef  TARGET_DEFAULT_FLOAT_ABI
+-#define TARGET_DEFAULT_FLOAT_ABI ARM_FLOAT_ABI_HARD
++#define TARGET_DEFAULT_FLOAT_ABI ARM_FLOAT_ABI_SOFT
+ 
+ #undef  TARGET_DEFAULT
+ #define TARGET_DEFAULT (TARGET_ENDIAN_DEFAULT)
+ 
++#undef  SUBTARGET_EXTRA_ASM_SPEC
++#define SUBTARGET_EXTRA_ASM_SPEC "%{mhard-float:-mfpu=fpa} \
++  %{!mhard-float: %{msoft-float:-mfpu=softfpa;:-mfpu=softvfp}}"
++
+ #define SUBTARGET_CPU_DEFAULT TARGET_CPU_arm6
+ 
+ #define SUBTARGET_EXTRA_LINK_SPEC " -m " TARGET_LINKER_EMULATION " -p"
+ 
+ #undef  MULTILIB_DEFAULTS
+ #define MULTILIB_DEFAULTS \
+-	{ "marm", TARGET_ENDIAN_OPTION, "mhard-float", "mno-thumb-interwork" }
++	{ "marm", TARGET_ENDIAN_OPTION, "msoft-float", "mno-thumb-interwork" }
+ 
+ /* The GNU C++ standard library requires that these macros be defined.  */
+ #undef CPLUSPLUS_CPP_SPEC
+@@ -56,7 +60,7 @@
+    %{shared:-lc} \
+    %{!shared:%{profile:-lc_p}%{!profile:-lc}}"
+ 
+-#define LIBGCC_SPEC "%{msoft-float:-lfloat} %{mfloat-abi=soft*:-lfloat} -lgcc"
++#define LIBGCC_SPEC "-lgcc"
+ 
+ /* Provide a STARTFILE_SPEC appropriate for GNU/Linux.  Here we add
+    the GNU/Linux magical crtbegin.o file (see crtstuff.c) which
+--- gcc-4.0.2/gcc/config/arm/t-linux
++++ gcc-4.0.2/gcc/config/arm/t-linux
+@@ -4,7 +4,10 @@ TARGET_LIBGCC2_CFLAGS = -fomit-frame-poi
+ LIBGCC2_DEBUG_CFLAGS = -g0
+ 
+ LIB1ASMSRC = arm/lib1funcs.asm
+-LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx
++LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx \
++	_negdf2 _addsubdf3 _muldivdf3 _cmpdf2 _unorddf2 _fixdfsi _fixunsdfsi \
++	_truncdfsf2 _negsf2 _addsubsf3 _muldivsf3 _cmpsf2 _unordsf2 \
++	_fixsfsi _fixunssfsi _floatdidf _floatdisf
+ 
+ # MULTILIB_OPTIONS = mhard-float/msoft-float
+ # MULTILIB_DIRNAMES = hard-float soft-float
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.1.0/gcc-4.1.0-cross-compile.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.1.0/gcc-4.1.0-cross-compile.patch
new file mode 100644
index 0000000..523caa4
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.1.0/gcc-4.1.0-cross-compile.patch
@@ -0,0 +1,40 @@
+Some notes on the 'bootstrap with or without libc headers' debate:
+http://linuxfromscratch.org/pipermail/lfs-dev/2005-July/052409.html
+http://gcc.gnu.org/ml/gcc/2005-07/msg01195.html
+
+--- gcc/unwind-dw2.c
++++ gcc/unwind-dw2.c
+@@ -253,9 +253,11 @@
+ }
+ #endif
+ 
++#ifndef inhibit_libc
+ #ifdef MD_UNWIND_SUPPORT
+ #include MD_UNWIND_SUPPORT
+ #endif
++#endif
+ 
+ /* Extract any interesting information from the CIE for the translation
+    unit F belongs to.  Return a pointer to the byte after the augmentation,
+--- gcc/configure
++++ gcc/configure
+@@ -12857,7 +12857,7 @@ then
+ 	    | powerpc*-*-*,powerpc64*-*-*)
+ 		CROSS="$CROSS -DNATIVE_CROSS" ;;
+ 	esac
+-elif test "x$TARGET_SYSTEM_ROOT" != x; then
++elif test "x$TARGET_SYSTEM_ROOT" != x -o $build != $host; then
+         SYSTEM_HEADER_DIR=$build_system_header_dir
+ fi
+ 
+--- gcc/configure.ac
++++ gcc/configure.ac
+@@ -1717,7 +1717,7 @@ then
+ 	    | powerpc*-*-*,powerpc64*-*-*)
+ 		CROSS="$CROSS -DNATIVE_CROSS" ;;
+ 	esac
+-elif test "x$TARGET_SYSTEM_ROOT" != x; then
++elif test "x$TARGET_SYSTEM_ROOT" != x -o $build != $host; then
+         SYSTEM_HEADER_DIR=$build_system_header_dir 
+ fi
+ 
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch
new file mode 100644
index 0000000..6090d66
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch
@@ -0,0 +1,64 @@
+workaround for lame stack packing on i386 ...
+
+	- build gcc with -Os (crtfastmath.o to be specific)
+	- crtfastmath.o is installed into gcc libdir
+	- run gcc with -ffast-math and get crtfastmath.o linked in
+	- resulting compiled app segfaults due to init code in
+	  crtfastmath.o that has mis-aligned structure on stack
+
+http://bugs.gentoo.org/147020
+http://gcc.gnu.org/PR28621
+
+this is supposed to be fixed in current 4.1 branch, but i'm unable to get
+the fix to work so until i can figure out what i'm doing wrong, we'll use
+this workaround for now.
+
+--- gcc-4.1.1/gcc/config/i386/crtfastmath.c
++++ gcc-4.1.1/gcc/config/i386/crtfastmath.c
+@@ -37,6 +37,23 @@
+ #define FXSAVE	(1 << 24)
+ #define SSE	(1 << 25)
+ 
++struct
++{
++	unsigned short int cwd;
++	unsigned short int swd;
++	unsigned short int twd;
++	unsigned short int fop;
++	long int fip;
++	long int fcs;
++	long int foo;
++	long int fos;
++	long int mxcsr;
++	long int mxcsr_mask;
++	long int st_space[32];
++	long int xmm_space[32];
++	long int padding[56];
++} __attribute__ ((aligned (16))) fxsave;
++
+ static void __attribute__((constructor))
+ set_fast_math (void)
+ {
+@@ -75,22 +92,6 @@
+       if (edx & FXSAVE)
+ 	{
+ 	  /* Check if DAZ is available.  */
+-	  struct
+-	    {
+-	      unsigned short int cwd;
+-	      unsigned short int swd;
+-	      unsigned short int twd;
+-	      unsigned short int fop;
+-	      long int fip;
+-	      long int fcs;
+-	      long int foo;
+-	      long int fos;
+-	      long int mxcsr;
+-	      long int mxcsr_mask;
+-	      long int st_space[32];
+-	      long int xmm_space[32];
+-	      long int padding[56];
+-	    } __attribute__ ((aligned (16))) fxsave;
+ 
+ 	  __builtin_memset (&fxsave, 0, sizeof (fxsave));
+ 
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/awk/fixlafiles.awk b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/awk/fixlafiles.awk
new file mode 100644
index 0000000..c4798f2
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/awk/fixlafiles.awk
@@ -0,0 +1,314 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/files/awk/fixlafiles.awk,v 1.14 2005/09/24 07:31:28 vapier Exp $
+
+#
+# Helper functions
+#
+function printn(string) {
+	system("echo -n \"" string "\"")
+}
+function einfo(string) {
+	system("echo -e \" \\e[32;01m*\\e[0m " string "\"")
+}
+function einfon(string) {
+	system("echo -ne \" \\e[32;01m*\\e[0m " string "\"")
+}
+function ewarn(string) {
+	system("echo -e \" \\e[33;01m*\\e[0m " string "\"")
+}
+function ewarnn(string) {
+	system("echo -ne \" \\e[33;01m*\\e[0m " string "\"")
+}
+function eerror(string) {
+	system("echo -e \" \\e[31;01m*\\e[0m " string "\"")
+}
+
+#
+# assert(condition, errmsg)
+#   assert that a condition is true.  Otherwise exit.
+#
+function assert(condition, string) {
+	if (! condition) {
+		printf("%s:%d: assertion failed: %s\n",
+		       FILENAME, FNR, string) > "/dev/stderr"
+		_assert_exit = 1
+		exit 1
+	}
+}
+
+#
+# system(command, return)
+#   wrapper that normalizes return codes ...
+#
+function dosystem(command, ret) {
+	ret = 0
+	ret = system(command)
+	if (ret == 0)
+		return 1
+	else
+		return 0
+}
+
+BEGIN {
+	#
+	# Get our variables from environment
+	#
+	OLDVER = ENVIRON["OLDVER"]
+	OLDCHOST = ENVIRON["OLDCHOST"]
+
+	if (OLDVER == "") {
+		eerror("Could not get OLDVER!");
+		exit 1
+	}
+
+	# Setup some sane defaults
+	LIBCOUNT = 2
+	HAVE_GCC34 = 0
+	DIRLIST[1] = "/lib"
+	DIRLIST[2] = "/usr/lib"
+
+	#
+	# Walk /etc/ld.so.conf to discover all our library paths
+	#
+	pipe = "cat /etc/ld.so.conf | sort 2>/dev/null"
+	while(((pipe) | getline ldsoconf_data) > 0) {
+		if (ldsoconf_data !~ /^[[:space:]]*#/) {
+			if (ldsoconf_data == "") continue
+
+			# Remove any trailing comments
+			sub(/#.*$/, "", ldsoconf_data)
+			# Remove any trailing spaces
+			sub(/[[:space:]]+$/, "", ldsoconf_data)
+
+			# If there's more than one path per line, split 
+			# it up as if they were sep lines
+			split(ldsoconf_data, nodes, /[:,[:space:]]/)
+
+			# Now add the rest from ld.so.conf
+			for (x in nodes) {
+				# wtf does this line do ?
+				sub(/=.*/, "", nodes[x])
+				# Prune trailing /
+				sub(/\/$/, "", nodes[x])
+
+				if (nodes[x] == "") continue
+
+				#
+				# Drop the directory if its a child directory of
+				# one that was already added ...
+				# For example, if we have:
+				#   /usr/lib /usr/libexec /usr/lib/mozilla /usr/lib/nss
+				# We really just want to save /usr/lib /usr/libexec
+				#
+				CHILD = 0
+				for (y in DIRLIST) {
+					if (nodes[x] ~ "^" DIRLIST[y] "(/|$)") {
+						CHILD = 1
+						break
+					}
+				}
+				if (CHILD) continue
+
+				DIRLIST[++LIBCOUNT] = nodes[x]
+			}
+		}
+	}
+	close(pipe)
+
+	#
+	# Get line from gcc's output containing CHOST
+	#
+	pipe = "gcc -print-file-name=libgcc.a 2>/dev/null"
+	if ((!((pipe) | getline TMP_CHOST)) || (TMP_CHOST == "")) {
+		close(pipe)
+
+		# If we fail to get the CHOST, see if we can get the CHOST
+		# portage thinks we are using ...
+		pipe = "/usr/bin/portageq envvar 'CHOST'"
+		assert(((pipe) | getline CHOST), "(" pipe ") | getline CHOST")
+	} else {
+		# Check pre gcc-3.4.x versions
+		CHOST = gensub("^.+lib/gcc-lib/([^/]+)/[0-9]+.+$", "\\1", 1, TMP_CHOST)
+
+		if (CHOST == TMP_CHOST || CHOST == "") {
+			# Check gcc-3.4.x or later
+			CHOST = gensub("^.+lib/gcc/([^/]+)/[0-9]+.+$", "\\1", 1, TMP_CHOST);
+
+			if (CHOST == TMP_CHOST || CHOST == "")
+				CHOST = ""
+			else
+				HAVE_GCC34 = 1
+		}
+	}
+	close(pipe)
+
+	if (CHOST == "") {
+		eerror("Could not get gcc's CHOST!")
+		exit 1
+	}
+
+	if (OLDCHOST != "")
+		if (OLDCHOST == CHOST)
+			OLDCHOST = ""
+
+	GCCLIBPREFIX_OLD = "/usr/lib/gcc-lib/"
+	GCCLIBPREFIX_NEW = "/usr/lib/gcc/"
+
+	if (HAVE_GCC34)
+		GCCLIBPREFIX = GCCLIBPREFIX_NEW
+	else
+		GCCLIBPREFIX = GCCLIBPREFIX_OLD
+
+	GCCLIB = GCCLIBPREFIX CHOST
+
+	if (OLDCHOST != "") {
+		OLDGCCLIB1 = GCCLIBPREFIX_OLD OLDCHOST
+		OLDGCCLIB2 = GCCLIBPREFIX_NEW OLDCHOST
+	}
+
+	# Get current gcc's version
+	pipe = "gcc -dumpversion"
+	assert(((pipe) | getline NEWVER), "(" pipe ") | getline NEWVER)")
+	close(pipe)
+
+	if (NEWVER == "") {
+		eerror("Could not get gcc's version!")
+		exit 1
+	}
+
+	# Nothing to do ?
+	if ((OLDVER == NEWVER) && (OLDCHOST == ""))
+		exit 0
+
+	#
+	# Ok, now let's scan for the .la files and actually fix them up
+	#
+	for (x = 1; x <= LIBCOUNT; x++) {
+		# Do nothing if the target dir is gcc's internal library path
+		if (DIRLIST[x] ~ GCCLIBPREFIX_OLD ||
+		    DIRLIST[x] ~ GCCLIBPREFIX_NEW)
+			continue
+
+		einfo("  [" x "/" LIBCOUNT "] Scanning " DIRLIST[x] " ...")
+
+		pipe = "find " DIRLIST[x] "/ -name '*.la' 2>/dev/null"
+		while (((pipe) | getline la_files) > 0) {
+
+			# Do nothing if the .la file is located in gcc's internal lib path
+			if (la_files ~ GCCLIBPREFIX_OLD ||
+			    la_files ~ GCCLIBPREFIX_NEW)
+				continue
+
+			CHANGED = 0
+			CHOST_CHANGED = 0
+
+			# See if we need to fix the .la file
+			while ((getline la_data < (la_files)) > 0) {
+				if (OLDCHOST != "") {
+					if ((gsub(OLDGCCLIB1 "[/[:space:]]+",
+					          GCCLIB, la_data) > 0) ||
+					    (gsub(OLDGCCLIB2 "[/[:space:]]+",
+					          GCCLIB, la_data) > 0)) {
+						CHANGED = 1
+						CHOST_CHANGED = 1
+					}
+				}
+				if (OLDVER != NEWVER) {
+					if ((gsub(GCCLIBPREFIX_OLD CHOST "/" OLDVER "[/[:space:]]*",
+					          GCCLIB "/" NEWVER, la_data) > 0) ||
+					    (gsub(GCCLIBPREFIX_NEW CHOST "/" OLDVER "[/[:space:]]*",
+					          GCCLIB "/" NEWVER, la_data) > 0))
+						CHANGED = 1
+				}
+			}
+			close(la_files)
+
+			# Do the actual changes in a second loop, as we can then
+			# verify that CHOST_CHANGED among things is correct ...
+			if (CHANGED) {
+				ewarnn("    FIXING: " la_files " ...")
+
+				if (CHANGED)
+					printn("[")
+
+				# Clear the temp file (removing rather than '>foo' is better
+				# out of a security point of view?)
+				dosystem("rm -f " la_files ".new")
+
+				while ((getline la_data < (la_files)) > 0) {
+					if (OLDCHOST != "") {
+						tmpstr = gensub(OLDGCCLIB1 "([/[:space:]]+)",
+						                GCCLIB "\\1", "g", la_data)
+						tmpstr = gensub(OLDGCCLIB2 "([/[:space:]]+)",
+						                GCCLIB "\\1", "g", tmpstr)
+
+						if (la_data != tmpstr) {
+							printn("c")
+							la_data = tmpstr
+						}
+
+						if (CHOST_CHANGED > 0) {
+							# We try to be careful about CHOST changes outside
+							# the gcc library path (meaning we cannot match it
+							# via /GCCLIBPREFIX CHOST/) ...
+
+							# Catch:
+							#
+							#  dependency_libs=' -L/usr/CHOST/{bin,lib}'
+							#
+							gsub("-L/usr/" OLDCHOST "/",
+							     "-L/usr/" CHOST "/", la_data)
+							# Catch:
+							#
+							#  dependency_libs=' -L/usr/lib/gcc-lib/CHOST/VER/../../../../CHOST/lib'
+							#
+							la_data = gensub("(" GCCLIB "/[^[:space:]]+)/" OLDCHOST "/",
+							                 "\\1/" CHOST "/", "g", la_data)
+						}
+					}
+
+					if (OLDVER != NEWVER) {
+						# Catch:
+						#
+						#  dependency_libs=' -L/usr/lib/gcc/CHOST/VER'
+						#
+						tmpstr = gensub(GCCLIBPREFIX_OLD CHOST "/" OLDVER "([/[:space:]]+)",
+						                GCCLIB "/" NEWVER "\\1", "g", la_data)
+						tmpstr = gensub(GCCLIBPREFIX_NEW CHOST "/" OLDVER "([/[:space:]]+)",
+						                GCCLIB "/" NEWVER "\\1", "g", tmpstr)
+
+						if (la_data != tmpstr) {
+							# Catch:
+							#
+							#  dependency_libs=' -L/usr/lib/gcc-lib/../../CHOST/lib'
+							#
+							# in cases where we have gcc34
+							tmpstr = gensub(GCCLIBPREFIX_OLD "(../../" CHOST "/lib)",
+							                GCCLIBPREFIX "\\1", "g", tmpstr)
+							tmpstr = gensub(GCCLIBPREFIX_NEW "(../../" CHOST "/lib)",
+							                GCCLIBPREFIX "\\1", "g", tmpstr)
+							printn("v")
+							la_data = tmpstr
+						}
+					}
+
+					print la_data >> (la_files ".new")
+				}
+
+				if (CHANGED)
+					print "]"
+
+				close(la_files)
+				close(la_files ".new")
+
+				assert(dosystem("mv -f " la_files ".new " la_files),
+				       "dosystem(\"mv -f " la_files ".new " la_files "\")")
+			}
+		}
+
+		close(pipe)
+	}
+}
+
+# vim:ts=4
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/awk/fixlafiles.awk-no_gcc_la b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/awk/fixlafiles.awk-no_gcc_la
new file mode 100644
index 0000000..fb4778c
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/awk/fixlafiles.awk-no_gcc_la
@@ -0,0 +1,330 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/files/awk/fixlafiles.awk-no_gcc_la,v 1.2 2006/05/15 00:17:46 vapier Exp $
+
+#
+# Helper functions
+#
+function printn(string) {
+	system("echo -n \"" string "\"")
+}
+function einfo(string) {
+	system("echo -e \" \\e[32;01m*\\e[0m " string "\"")
+}
+function einfon(string) {
+	system("echo -ne \" \\e[32;01m*\\e[0m " string "\"")
+}
+function ewarn(string) {
+	system("echo -e \" \\e[33;01m*\\e[0m " string "\"")
+}
+function ewarnn(string) {
+	system("echo -ne \" \\e[33;01m*\\e[0m " string "\"")
+}
+function eerror(string) {
+	system("echo -e \" \\e[31;01m*\\e[0m " string "\"")
+}
+
+#
+# assert(condition, errmsg)
+#   assert that a condition is true.  Otherwise exit.
+#
+function assert(condition, string) {
+	if (! condition) {
+		printf("%s:%d: assertion failed: %s\n",
+		       FILENAME, FNR, string) > "/dev/stderr"
+		_assert_exit = 1
+		exit 1
+	}
+}
+
+#
+# system(command, return)
+#   wrapper that normalizes return codes ...
+#
+function dosystem(command, ret) {
+	ret = 0
+	ret = system(command)
+	if (ret == 0)
+		return 1
+	else
+		return 0
+}
+
+BEGIN {
+	#
+	# Get our variables from environment
+	#
+	OLDVER = ENVIRON["OLDVER"]
+	OLDCHOST = ENVIRON["OLDCHOST"]
+
+	if (OLDVER == "") {
+		eerror("Could not get OLDVER!");
+		exit 1
+	}
+
+	# Setup some sane defaults
+	LIBCOUNT = 2
+	HAVE_GCC34 = 0
+	DIRLIST[1] = "/lib"
+	DIRLIST[2] = "/usr/lib"
+
+	#
+	# Walk /etc/ld.so.conf to discover all our library paths
+	#
+	pipe = "cat /etc/ld.so.conf | sort 2>/dev/null"
+	while(((pipe) | getline ldsoconf_data) > 0) {
+		if (ldsoconf_data !~ /^[[:space:]]*#/) {
+			if (ldsoconf_data == "") continue
+
+			# Remove any trailing comments
+			sub(/#.*$/, "", ldsoconf_data)
+			# Remove any trailing spaces
+			sub(/[[:space:]]+$/, "", ldsoconf_data)
+
+			# If there's more than one path per line, split 
+			# it up as if they were sep lines
+			split(ldsoconf_data, nodes, /[:,[:space:]]/)
+
+			# Now add the rest from ld.so.conf
+			for (x in nodes) {
+				# wtf does this line do ?
+				sub(/=.*/, "", nodes[x])
+				# Prune trailing /
+				sub(/\/$/, "", nodes[x])
+
+				if (nodes[x] == "") continue
+
+				#
+				# Drop the directory if its a child directory of
+				# one that was already added ...
+				# For example, if we have:
+				#   /usr/lib /usr/libexec /usr/lib/mozilla /usr/lib/nss
+				# We really just want to save /usr/lib /usr/libexec
+				#
+				CHILD = 0
+				for (y in DIRLIST) {
+					if (nodes[x] ~ "^" DIRLIST[y] "(/|$)") {
+						CHILD = 1
+						break
+					}
+				}
+				if (CHILD) continue
+
+				DIRLIST[++LIBCOUNT] = nodes[x]
+			}
+		}
+	}
+	close(pipe)
+
+	#
+	# Get line from gcc's output containing CHOST
+	#
+	pipe = "gcc -print-file-name=libgcc.a 2>/dev/null"
+	if ((!((pipe) | getline TMP_CHOST)) || (TMP_CHOST == "")) {
+		close(pipe)
+
+		# If we fail to get the CHOST, see if we can get the CHOST
+		# portage thinks we are using ...
+		pipe = "/usr/bin/portageq envvar 'CHOST'"
+		assert(((pipe) | getline CHOST), "(" pipe ") | getline CHOST")
+	} else {
+		# Check pre gcc-3.4.x versions
+		CHOST = gensub("^.+lib/gcc-lib/([^/]+)/[0-9]+.+$", "\\1", 1, TMP_CHOST)
+
+		if (CHOST == TMP_CHOST || CHOST == "") {
+			# Check gcc-3.4.x or later
+			CHOST = gensub("^.+lib/gcc/([^/]+)/[0-9]+.+$", "\\1", 1, TMP_CHOST);
+
+			if (CHOST == TMP_CHOST || CHOST == "")
+				CHOST = ""
+			else
+				HAVE_GCC34 = 1
+		}
+	}
+	close(pipe)
+
+	if (CHOST == "") {
+		eerror("Could not get gcc's CHOST!")
+		exit 1
+	}
+
+	if (OLDCHOST != "")
+		if (OLDCHOST == CHOST)
+			OLDCHOST = ""
+
+	GCCLIBPREFIX_OLD = "/usr/lib/gcc-lib/"
+	GCCLIBPREFIX_NEW = "/usr/lib/gcc/"
+
+	if (HAVE_GCC34)
+		GCCLIBPREFIX = GCCLIBPREFIX_NEW
+	else
+		GCCLIBPREFIX = GCCLIBPREFIX_OLD
+
+	GCCLIB = GCCLIBPREFIX CHOST
+
+	if (OLDCHOST != "") {
+		OLDGCCLIB1 = GCCLIBPREFIX_OLD OLDCHOST
+		OLDGCCLIB2 = GCCLIBPREFIX_NEW OLDCHOST
+	}
+
+	# Get current gcc's version
+	pipe = "gcc -dumpversion"
+	assert(((pipe) | getline NEWVER), "(" pipe ") | getline NEWVER)")
+	close(pipe)
+
+	if (NEWVER == "") {
+		eerror("Could not get gcc's version!")
+		exit 1
+	}
+
+	# Nothing to do ?
+	# NB: Do not check for (OLDVER == NEWVER) anymore, as we might need to
+	#     replace libstdc++.la ....
+	if ((OLDVER == "") && (OLDCHOST == ""))
+		exit 0
+
+	#
+	# Ok, now let's scan for the .la files and actually fix them up
+	#
+	for (x = 1; x <= LIBCOUNT; x++) {
+		# Do nothing if the target dir is gcc's internal library path
+		if (DIRLIST[x] ~ GCCLIBPREFIX_OLD ||
+		    DIRLIST[x] ~ GCCLIBPREFIX_NEW)
+			continue
+
+		einfo("  [" x "/" LIBCOUNT "] Scanning " DIRLIST[x] " ...")
+
+		pipe = "find " DIRLIST[x] "/ -name '*.la' 2>/dev/null"
+		while (((pipe) | getline la_files) > 0) {
+
+			# Do nothing if the .la file is located in gcc's internal lib path
+			if (la_files ~ GCCLIBPREFIX_OLD ||
+			    la_files ~ GCCLIBPREFIX_NEW)
+				continue
+
+			CHANGED = 0
+			CHOST_CHANGED = 0
+
+			# See if we need to fix the .la file
+			while ((getline la_data < (la_files)) > 0) {
+				if (OLDCHOST != "") {
+					if ((gsub(OLDGCCLIB1 "[/[:space:]]+",
+					          GCCLIB, la_data) > 0) ||
+					    (gsub(OLDGCCLIB2 "[/[:space:]]+",
+					          GCCLIB, la_data) > 0)) {
+						CHANGED = 1
+						CHOST_CHANGED = 1
+					}
+				}
+				if (OLDVER != NEWVER) {
+					if ((gsub(GCCLIBPREFIX_OLD CHOST "/" OLDVER "[/[:space:]]*",
+					          GCCLIB "/" NEWVER, la_data) > 0) ||
+					    (gsub(GCCLIBPREFIX_NEW CHOST "/" OLDVER "[/[:space:]]*",
+					          GCCLIB "/" NEWVER, la_data) > 0))
+						CHANGED = 1
+				}
+				# We now check if we have libstdc++.la, as we remove the
+				# libtool linker scripts for gcc ...
+				# We do this last, as we only match the new paths
+				if (gsub(GCCLIB "/" NEWVER "/libstdc\\+\\+\\.la",
+				         "-lstdc++", la_data) > 0)
+					CHANGED = 1
+			}
+			close(la_files)
+
+			# Do the actual changes in a second loop, as we can then
+			# verify that CHOST_CHANGED among things is correct ...
+			if (CHANGED) {
+				ewarnn("    FIXING: " la_files " ...[")
+
+				# Clear the temp file (removing rather than '>foo' is better
+				# out of a security point of view?)
+				dosystem("rm -f " la_files ".new")
+
+				while ((getline la_data < (la_files)) > 0) {
+					if (OLDCHOST != "") {
+						tmpstr = gensub(OLDGCCLIB1 "([/[:space:]]+)",
+						                GCCLIB "\\1", "g", la_data)
+						tmpstr = gensub(OLDGCCLIB2 "([/[:space:]]+)",
+						                GCCLIB "\\1", "g", tmpstr)
+
+						if (la_data != tmpstr) {
+							printn("c")
+							la_data = tmpstr
+						}
+
+						if (CHOST_CHANGED > 0) {
+							# We try to be careful about CHOST changes outside
+							# the gcc library path (meaning we cannot match it
+							# via /GCCLIBPREFIX CHOST/) ...
+
+							# Catch:
+							#
+							#  dependency_libs=' -L/usr/CHOST/{bin,lib}'
+							#
+							gsub("-L/usr/" OLDCHOST "/",
+							     "-L/usr/" CHOST "/", la_data)
+							# Catch:
+							#
+							#  dependency_libs=' -L/usr/lib/gcc-lib/CHOST/VER/../../../../CHOST/lib'
+							#
+							la_data = gensub("(" GCCLIB "/[^[:space:]]+)/" OLDCHOST "/",
+							                 "\\1/" CHOST "/", "g", la_data)
+						}
+					}
+
+					if (OLDVER != NEWVER) {
+						# Catch:
+						#
+						#  dependency_libs=' -L/usr/lib/gcc/CHOST/VER'
+						#
+						tmpstr = gensub(GCCLIBPREFIX_OLD CHOST "/" OLDVER "([/[:space:]]+)",
+						                GCCLIB "/" NEWVER "\\1", "g", la_data)
+						tmpstr = gensub(GCCLIBPREFIX_NEW CHOST "/" OLDVER "([/[:space:]]+)",
+						                GCCLIB "/" NEWVER "\\1", "g", tmpstr)
+
+						if (la_data != tmpstr) {
+							# Catch:
+							#
+							#  dependency_libs=' -L/usr/lib/gcc-lib/../../CHOST/lib'
+							#
+							# in cases where we have gcc34
+							tmpstr = gensub(GCCLIBPREFIX_OLD "(../../" CHOST "/lib)",
+							                GCCLIBPREFIX "\\1", "g", tmpstr)
+							tmpstr = gensub(GCCLIBPREFIX_NEW "(../../" CHOST "/lib)",
+							                GCCLIBPREFIX "\\1", "g", tmpstr)
+							printn("v")
+							la_data = tmpstr
+						}
+					}
+
+					# We now check if we have libstdc++.la, as we remove the
+					# libtool linker scripts for gcc and any referencese in any
+					# libtool linker scripts.
+					# We do this last, as we only match the new paths
+					tmpstr = gensub(GCCLIB "/" NEWVER "/libstdc\\+\\+\\.la",
+					                "-lstdc++", "g", la_data);
+					if (la_data != tmpstr) {
+						printn("l")
+						la_data = tmpstr
+					}
+					
+					print la_data >> (la_files ".new")
+				}
+
+				if (CHANGED)
+					print "]"
+
+				close(la_files)
+				close(la_files ".new")
+
+				assert(dosystem("mv -f " la_files ".new " la_files),
+				       "dosystem(\"mv -f " la_files ".new " la_files "\")")
+			}
+		}
+
+		close(pipe)
+	}
+}
+
+# vim:ts=4
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/c89 b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/c89
new file mode 100755
index 0000000..d0a3c1e
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/c89
@@ -0,0 +1,23 @@
+#! /bin/sh
+
+# Call the appropriate C compiler with options to accept ANSI/ISO C
+# The following options are the same (as of gcc-2.95):
+# 	-ansi
+# 	-std=c89
+# 	-std=iso9899:1990
+
+extra_flag=-std=c89
+
+for i; do
+    case "$i" in
+	-ansi|-std=c89|-std=iso9899:1990)
+	    extra_flag=
+	    ;;
+	-std=*)
+	    echo >&2 "`basename $0` called with non ANSI/ISO C option $i"
+	    exit 1
+	    ;;
+    esac
+done
+
+exec gcc $extra_flag ${1+"$@"}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/c99 b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/c99
new file mode 100755
index 0000000..2edf5cd
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/c99
@@ -0,0 +1,24 @@
+#! /bin/sh
+
+# Call the appropriate C compiler with options to accept ANSI/ISO C
+# The following options are the same (as of gcc-3.3):
+# 	-std=c99
+# 	-std=c9x
+# 	-std=iso9899:1999
+# 	-std=iso9899:199x
+
+extra_flag=-std=c99
+
+for i; do
+    case "$i" in
+	-std=c9[9x]|-std=iso9899:199[9x])
+	    extra_flag=
+	    ;;
+	-std=*)
+	    echo >&2 "`basename $0` called with non ANSI/ISO C option $i"
+	    exit 1
+	    ;;
+    esac
+done
+
+exec gcc $extra_flag ${1+"$@"}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/digest-gcc-3.4.6-r3 b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/digest-gcc-3.4.6-r3
new file mode 100644
index 0000000..e00b428
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/digest-gcc-3.4.6-r3
@@ -0,0 +1,18 @@
+MD5 d5da59b788f30b6e31488cdae51ca822 bounds-checking-gcc-3.4.4-1.00.patch.bz2 815608
+RMD160 b5e1d4716a5ab881b5d7742bb6650e0492edce93 bounds-checking-gcc-3.4.4-1.00.patch.bz2 815608
+SHA256 a29adc9260071f5928f2e491803b73117ee176e4b19b56ce421aa3ca461370b2 bounds-checking-gcc-3.4.4-1.00.patch.bz2 815608
+MD5 90aa9cb64d7edcd9a2306abe910cbe3b gcc-3.4.5-uclibc-patches-1.1.tar.bz2 70923
+RMD160 89e42889420fbab22e418261d248a89ee2bbbe9b gcc-3.4.5-uclibc-patches-1.1.tar.bz2 70923
+SHA256 5b92fac2afe835a127976fdb6602fb5628cf28e67dd19e8289768a3bb8631ec2 gcc-3.4.5-uclibc-patches-1.1.tar.bz2 70923
+MD5 fe9514353eaf5a09ab16790b7714481b gcc-3.4.6-patches-1.2.tar.bz2 54757
+RMD160 d4e1240b9e45b7661b7f8bf4f57bb2c9cac17686 gcc-3.4.6-patches-1.2.tar.bz2 54757
+SHA256 43253a8defa6111bd6f107178cc46f425ec81efe0eb26b730c11c422a4d4de26 gcc-3.4.6-patches-1.2.tar.bz2 54757
+MD5 0dff307db3a06c6ddd517d27e2ea47be gcc-3.4.6-piepatches-v9.0.5.tar.bz2 6723
+RMD160 eada7d8d45d9cc1e4547fe16e481c3ca41c8e600 gcc-3.4.6-piepatches-v9.0.5.tar.bz2 6723
+SHA256 9298df21e95e5c97aa812be4c8d9dd14704cc4578b9d59e25146ab8c9095599e gcc-3.4.6-piepatches-v9.0.5.tar.bz2 6723
+MD5 848cdf2c21c3374c8f066ae051260afb gcc-3.4.6-ssp-1.0.tar.bz2 34468
+RMD160 0f668e3ffc08297b5ebe3d5cbb9575426008e096 gcc-3.4.6-ssp-1.0.tar.bz2 34468
+SHA256 27ff25099ca8617fe2a76cf8ea06acaab39cff9eb91ef64c84971ba324a664e9 gcc-3.4.6-ssp-1.0.tar.bz2 34468
+MD5 4a21ac777d4b5617283ce488b808da7b gcc-3.4.6.tar.bz2 28193401
+RMD160 b15003368cedc7964f6ceaee0c39ddc43a46c442 gcc-3.4.6.tar.bz2 28193401
+SHA256 7791a601878b765669022b8b3409fba33cc72f9e39340fec8af6d0e6f72dec39 gcc-3.4.6.tar.bz2 28193401
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/digest-gcc-4.1.1-r3 b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/digest-gcc-4.1.1-r3
new file mode 100644
index 0000000..379a8b4
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/digest-gcc-4.1.1-r3
@@ -0,0 +1,12 @@
+MD5 122acf10f2e33f415d467e25f145ac5b gcc-4.1.1-patches-1.9.tar.bz2 51152
+RMD160 4e9c774c23e5fe96be60de897fee7c3a5a51d942 gcc-4.1.1-patches-1.9.tar.bz2 51152
+SHA256 b7d84e319b8cceaa087fa2095f6dbfba34109c7d422ae588d43e2fff41324591 gcc-4.1.1-patches-1.9.tar.bz2 51152
+MD5 80395cca62d2cc5b9e627c6533e5c991 gcc-4.1.1-piepatches-v9.0.6.tar.bz2 5120
+RMD160 7bf6af65708c1633c65beec17bb003d040fe97ad gcc-4.1.1-piepatches-v9.0.6.tar.bz2 5120
+SHA256 57d82883facc411591c405ff68553c20fe7813df8eca5ede67ca52eb663522c1 gcc-4.1.1-piepatches-v9.0.6.tar.bz2 5120
+MD5 37396d61f74c49f68848f3e45e5e7d6c gcc-4.1.1-uclibc-patches-1.1.tar.bz2 20981
+RMD160 ca12459f3ec8ee8a9dc5c260bea4bb20d6a80a65 gcc-4.1.1-uclibc-patches-1.1.tar.bz2 20981
+SHA256 f97cf0f9fe52a529b41a78bb5d0d57899805fae00c3e7b2dff87c8192195b6f3 gcc-4.1.1-uclibc-patches-1.1.tar.bz2 20981
+MD5 ad9f97a4d04982ccf4fd67cb464879f3 gcc-4.1.1.tar.bz2 39172003
+RMD160 0edeac242d900b075a7e36796380492b5b3c8564 gcc-4.1.1.tar.bz2 39172003
+SHA256 985cbb23a486570a8783395a42a8689218f5218a0ccdd6bec590eef341367bb7 gcc-4.1.1.tar.bz2 39172003
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/fix_libtool_files.sh b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/fix_libtool_files.sh
new file mode 100644
index 0000000..c144be2
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/fix_libtool_files.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/files/fix_libtool_files.sh,v 1.12 2005/01/30 18:45:22 vapier Exp $
+
+usage() {
+cat << "USAGE_END"
+Usage: fix_libtool_files.sh <old-gcc-version> [--oldarch <old-CHOST>]
+
+    Where <old-gcc-version> is the version number of the
+    previous gcc version.  For example, if you updated to
+    gcc-3.2.1, and you had gcc-3.2 installed, run:
+
+      # fix_libtool_files.sh 3.2
+
+    If you updated to gcc-3.2.3, and the old CHOST was i586-pc-linux-gnu
+    but you now have CHOST as i686-pc-linux-gnu, run:
+
+      # fix_libtool_files.sh 3.2 --oldarch i586-pc-linux-gnu
+
+    Note that if only the CHOST and not the version changed, you can run
+    it with the current version and the '--oldarch <old-CHOST>' arguments,
+    and it will do the expected:
+
+      # fix_libtool_files.sh `gcc -dumpversion` --oldarch i586-pc-linux-gnu
+
+USAGE_END
+	exit 1
+}
+
+if [[ $2 != "--oldarch" && $# -ne 1 ]] || \
+   [[ $2 == "--oldarch" && $# -ne 3 ]]
+then
+	usage
+fi
+
+ARGV1=$1
+ARGV2=$2
+ARGV3=$3
+
+source /etc/profile
+source /sbin/functions.sh
+
+if [[ ${EUID} -ne 0 ]] ; then
+	eerror "${0##*/}: Must be root."
+	exit 1
+fi
+
+# make sure the files come out sane
+umask 0022
+
+if [[ ${ARGV2} == "--oldarch" ]] && [[ -n ${ARGV3} ]] ; then
+	OLDCHOST=${ARGV3}
+else
+	OLDCHOST=
+fi
+
+AWKDIR="/lib/rcscripts/awk"
+
+if [[ ! -r ${AWKDIR}/fixlafiles.awk ]] ; then
+	eerror "${0##*/}: ${AWKDIR}/fixlafiles.awk does not exist!"
+	exit 1
+fi
+
+OLDVER=${ARGV1}
+
+export OLDVER OLDCHOST
+
+einfo "Scanning libtool files for hardcoded gcc library paths..."
+/bin/gawk -f "${AWKDIR}/fixlafiles.awk"
+
+# vim:ts=4
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/gcc-spec-env.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/gcc-spec-env.patch
new file mode 100644
index 0000000..9d5e666
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/gcc-spec-env.patch
@@ -0,0 +1,41 @@
+    Add support for external spec file via the GCC_SPECS env var.  This
+    allows us to easily control pie/ssp defaults with gcc-config profiles.
+
+    Original patch by Rob Holland.  Extended to support multiple
+    entries separated by ':' by Kevin F. Quinn
+
+--- gcc-4/gcc/gcc.c
++++ gcc-4/gcc/gcc.c
+@@ -6482,6 +6482,32 @@
+ 
+   /* Process any user specified specs in the order given on the command
+      line.  */
++#if !(defined (__MSDOS__) || defined (OS2) || defined (VMS) || defined (WIN32))
++  /* Add specs listed in GCC_SPECS.  Note; in the process of separating
++   * each spec listed, the string is overwritten at token boundaries
++   * (':') with '\0', an effect of strtok_r().
++   */
++  GET_ENVIRONMENT (specs_file, "GCC_SPECS");
++  if (specs_file && (strlen(specs_file) > 0))
++    {
++      char *spec, *saveptr;
++      for (spec=strtok_r(specs_file,":",&saveptr);
++           spec!=NULL;
++           spec=strtok_r(NULL,":",&saveptr))
++        {
++          struct user_specs *user = (struct user_specs *)
++            xmalloc (sizeof (struct user_specs));
++
++          user->next = (struct user_specs *) 0;
++          user->filename = spec;
++          if (user_specs_tail)
++            user_specs_tail->next = user;
++          else
++            user_specs_head = user;
++          user_specs_tail = user;
++        }
++    }
++#endif
+   for (uptr = user_specs_head; uptr; uptr = uptr->next)
+     {
+       char *filename = find_a_file (&startfile_prefixes, uptr->filename,
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardened.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardened.specs
new file mode 100644
index 0000000..dc6143c
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardened.specs
@@ -0,0 +1,5 @@
+%include <pie.specs>
+%include <ssp.specs>
+%include <sspall.specs>
+%include <zrelro.specs>
+%include <znow.specs>
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednopie.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednopie.specs
new file mode 100644
index 0000000..efc017d
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednopie.specs
@@ -0,0 +1,5 @@
+%include <nopie.specs>
+%include <ssp.specs>
+%include <sspall.specs>
+%include <zrelro.specs>
+%include <znow.specs>
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednopiessp.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednopiessp.specs
new file mode 100644
index 0000000..d1d59da
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednopiessp.specs
@@ -0,0 +1,5 @@
+%include <nopie.specs>
+%include <nossp.specs>
+%include <nosspall.specs>
+%include <zrelro.specs>
+%include <znow.specs>
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednossp.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednossp.specs
new file mode 100644
index 0000000..30a6d8d
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/hardenednossp.specs
@@ -0,0 +1,5 @@
+%include <pie.specs>
+%include <nossp.specs>
+%include <nosspall.specs>
+%include <zrelro.specs>
+%include <znow.specs>
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nopie.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nopie.specs
new file mode 100644
index 0000000..f8e3e2e
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nopie.specs
@@ -0,0 +1,18 @@
+*asm_pie:
+%{pie:-K PIC}
+
+*cc1_pie:
+%{pie:-fPIE}
+
+*crtfile_pie:
+%{pie:Scrt1.o%s;:crt1.o%s}
+
+*endfile_pie:
+%{pie:crtendS.o%s;:crtend.o%s}
+
+*startfile_pie:
+%{pie:crtbeginS.o%s;:crtbegin.o%s}
+
+*link_pie:
+%{pie:-pie}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nossp.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nossp.specs
new file mode 100644
index 0000000..c41dc60
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nossp.specs
@@ -0,0 +1,3 @@
+*cc1_ssp:
+
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nosspall.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nosspall.specs
new file mode 100644
index 0000000..34748c9
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nosspall.specs
@@ -0,0 +1,3 @@
+*cc1_ssp_all:
+
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/noznow.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/noznow.specs
new file mode 100644
index 0000000..0361995
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/noznow.specs
@@ -0,0 +1,3 @@
+*link_now:
+%{nonow:}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nozrelro.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nozrelro.specs
new file mode 100644
index 0000000..02eadcf
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/nozrelro.specs
@@ -0,0 +1,3 @@
+*link_relro:
+%{norelro:}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/pie.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/pie.specs
new file mode 100644
index 0000000..915cd2c
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/pie.specs
@@ -0,0 +1,18 @@
+*asm_pie:
+%{pie:-K PIC} %{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: %{!static: %{!shared:%{!nostdlib:%{!nostartfiles: %{!nopie:-K PIC} }}} } }}}} }}}} }
+
+*cc1_pie:
+%{pie:-fPIE} %{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: %{!static: %{!shared:%{!nostdlib:%{!nostartfiles: %{!nopie:-fPIE} }}} } }}}} }}}} }
+
+*crtfile_pie:
+%{fno-pie|fno-PIE|nostdlib|nopie:crt1.o%s;:Scrt1.o%s}
+
+*endfile_pie:
+%{fno-pie|fno-PIE|nostdlib|nopie:crtend.o%s;:crtendS.o%s}
+
+*startfile_pie:
+%{fno-pie|fno-PIE|nostdlib|nopie:crtbegin.o%s;:crtbeginS.o%s}
+
+*link_pie:
+%{pie:-pie} %{!pie: %{!A: %{!fno-pie:%{!fno-PIE: %{!static: %{!shared:%{!nostdlib:%{!nostartfiles: %{!nopie:-pie} }}} } }} } }
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/ssp.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/ssp.specs
new file mode 100644
index 0000000..89e3429
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/ssp.specs
@@ -0,0 +1,3 @@
+*cc1_ssp:
+%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector:%{!fstack-protector:%{!fstack-protector-all:-fstack-protector %(cc1_ssp_all) }}} }}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/sspall.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/sspall.specs
new file mode 100644
index 0000000..f6fc418
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/sspall.specs
@@ -0,0 +1,3 @@
+*cc1_ssp_all:
+%{!fno-stack-protector-all:-fstack-protector-all}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/vanilla.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/vanilla.specs
new file mode 100644
index 0000000..38129cf
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/vanilla.specs
@@ -0,0 +1,5 @@
+%include <nopie.specs>
+%include <nossp.specs>
+%include <nosspall.specs>
+%include <nozrelro.specs>
+%include <noznow.specs>
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/znow.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/znow.specs
new file mode 100644
index 0000000..9262262
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/znow.specs
@@ -0,0 +1,3 @@
+*link_now:
+%{!nonow:-z now}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/zrelro.specs b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/zrelro.specs
new file mode 100644
index 0000000..e08f2ac
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/files/specs/zrelro.specs
@@ -0,0 +1,3 @@
+*link_relro:
+%{!norelro:-z relro}
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/gcc-3.4.6-r3.ebuild b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/gcc-3.4.6-r3.ebuild
new file mode 100644
index 0000000..31b9bc4
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/gcc-3.4.6-r3.ebuild
@@ -0,0 +1,139 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-3.4.6-r2.ebuild,v 1.6 2006/10/02 01:10:12 vapier Exp $
+
+MAN_VER=""
+PATCH_VER="1.2"
+UCLIBC_VER="1.1"
+UCLIBC_GCC_VER="3.4.5"
+PIE_VER="9.0.5"
+PIE_GCC_VER="3.4.6"
+PP_VER="1.0"
+PP_GCC_VER="3.4.6"
+HTB_VER="1.00"
+HTB_GCC_VER="3.4.4"
+
+GCC_LIBSSP_SUPPORT="true"
+
+ETYPE="gcc-compiler"
+
+# arch/libc configurations known to be stable with {PIE,SSP}-by-default
+SSP_STABLE="x86 sparc amd64 ppc ppc64"
+SSP_UCLIBC_STABLE="arm mips ppc x86"
+PIE_GLIBC_STABLE="x86 sparc amd64 ppc ppc64"
+PIE_UCLIBC_STABLE="x86 mips ppc"
+
+# arch/libc configurations known to be broken with {PIE,SSP}-by-default
+SSP_UNSUPPORTED="hppa sh"
+SSP_UCLIBC_UNSUPPORTED="${SSP_UNSUPPORTED}"
+PIE_UCLIBC_UNSUPPORTED="alpha amd64 arm hppa ia64 m68k ppc64 s390 sh sparc"
+PIE_GLIBC_UNSUPPORTED="hppa"
+
+# whether we should split out specs files for multiple {PIE,SSP}-by-default
+# and vanilla configurations.
+SPLIT_SPECS=${SPLIT_SPECS-true}
+
+#GENTOO_PATCH_EXCLUDE=""
+#PIEPATCH_EXCLUDE=""
+
+inherit toolchain eutils
+
+DESCRIPTION="The GNU Compiler Collection.  Includes C/C++, java compilers, pie+ssp extensions, Haj Ten Brugge runtime bounds checking"
+
+KEYWORDS="-* ~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+
+# we need a proper glibc version for the Scrt1.o provided to the pie-ssp specs
+# NOTE: we SHOULD be using at least binutils 2.15.90.0.1 everywhere for proper
+# .eh_frame ld optimisation and symbol visibility support, but it hasnt been
+# well tested in gentoo on any arch other than amd64!!
+RDEPEND="|| ( >=sys-devel/gcc-config-1.3.12-r4 app-admin/eselect-compiler )
+	>=sys-libs/zlib-1.1.4
+	virtual/libiconv
+	elibc_glibc? (
+		>=sys-libs/glibc-2.3.3_pre20040420-r1
+		hardened? ( >=sys-libs/glibc-2.3.3_pre20040529 )
+	)
+	!build? (
+		gcj? (
+			gtk? (
+				|| ( ( x11-libs/libXt x11-libs/libX11 x11-libs/libXtst x11-proto/xproto x11-proto/xextproto ) virtual/x11 )
+				>=x11-libs/gtk+-2.2
+			)
+			>=media-libs/libart_lgpl-2.1
+		)
+		>=sys-libs/ncurses-5.2-r2
+		nls? ( sys-devel/gettext )
+	)"
+
+if [[ ${CATEGORY/cross-} != ${CATEGORY} ]]; then
+	RDEPEND="${RDEPEND} ${CATEGORY}/binutils"
+fi
+
+DEPEND="${RDEPEND}
+	>=sys-apps/texinfo-4.2-r4
+	>=sys-devel/bison-1.875
+	>=sys-devel/binutils-2.14.90.0.8-r1
+	amd64? ( >=sys-devel/binutils-2.15.90.0.1.1-r1 )"
+PDEPEND="|| ( sys-devel/gcc-config app-admin/eselect-compiler )"
+
+src_unpack() {
+	gcc_src_unpack
+
+	# misc patches that havent made it into a patch tarball yet
+	[[ ${CHOST} == ${CTARGET} ]] && epatch "${FILESDIR}"/gcc-spec-env.patch
+
+	# nothing in the tree provides libssp.so, so nothing will ever trigger this
+	# logic, but having the patch in the tree makes life so much easier for me
+	# since I dont have to also have an overlay for this.
+	want_libssp && epatch "${FILESDIR}"/3.4.3/libssp.patch
+
+	# Anything useful and objc will require libffi. Seriously. Lets just force
+	# libffi to install with USE="objc", even though it normally only installs
+	# if you attempt to build gcj.
+	if ! use build && use objc && ! use gcj ; then
+		epatch "${FILESDIR}"/3.4.3/libffi-without-libgcj.patch
+		#epatch ${FILESDIR}/3.4.3/libffi-nogcj-lib-path-fix.patch
+	fi
+
+	# Fix cross-compiling
+	epatch "${FILESDIR}"/3.4.4/gcc-3.4.4-cross-compile.patch
+
+	[[ ${CTARGET} == *-softfloat-* ]] && epatch "${FILESDIR}"/3.4.4/gcc-3.4.4-softfloat.patch
+
+	# Arch stuff
+	case $(tc-arch) in
+		mips)
+			# If mips, and we DON'T want multilib, then rig gcc to only use n32 OR n64
+			if ! is_multilib; then
+				use n32 && epatch ${FILESDIR}/3.4.1/gcc-3.4.1-mips-n32only.patch
+				use n64 && epatch ${FILESDIR}/3.4.1/gcc-3.4.1-mips-n64only.patch
+			fi
+
+			# Patch forward-ported from a gcc-3.0.x patch that adds -march=r10000 and
+			# -mtune=r10000 support to gcc (Allows the compiler to generate code to
+			# take advantage of R10k's second ALU, perform shifts, etc..
+			#
+			# Needs re-porting to DFA in gcc-4.0 - Any Volunteers? :)
+			epatch ${FILESDIR}/3.4.2/gcc-3.4.x-mips-add-march-r10k.patch
+
+			# This is a very special patch -- it allows us to build semi-usable kernels
+			# on SGI IP28 (Indigo2 Impact R10000) systems.  The patch is henceforth
+			# regarded as a kludge by upstream, and thus, it will never get accepted upstream,
+			# but for our purposes of building a kernel, it works.
+			# Unless you're building an IP28 kernel, you really don't need care about what
+			# this patch does, because if you are, you are probably already aware of what
+			# it does.
+			# All that said, the abilities of this patch are disabled by default and need
+			# to be enabled by passing -mip28-cache-barrier.  Only used to build kernels,
+			# There is the possibility it may be used for very specific userland apps too.
+			if use ip28 or use ip32r10k; then
+				epatch ${FILESDIR}/3.4.2/gcc-3.4.2-mips-ip28_cache_barriers-v4.patch
+			fi
+			;;
+		amd64)
+			if is_multilib ; then
+				sed -i -e '/GLIBCXX_IS_NATIVE=/s:false:true:' libstdc++-v3/configure || die
+			fi
+			;;
+	esac
+}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/gcc-4.1.1-r3.ebuild b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/gcc-4.1.1-r3.ebuild
new file mode 100644
index 0000000..d7009da
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-devel/gcc/gcc-4.1.1-r3.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/gcc/gcc-4.1.1-r3.ebuild,v 1.2 2006/12/10 21:27:50 kloeri Exp $
+
+PATCH_VER="1.9"
+UCLIBC_VER="1.1"
+PIE_VER="9.0.6"
+PIE_GCC_VER="4.1.1"
+
+ETYPE="gcc-compiler"
+
+# arch/libc configurations known to be stable with {PIE,SSP}-by-default
+SSP_STABLE="amd64 ppc ppc64 sparc x86"
+SSP_UCLIBC_STABLE="ppc sparc x86"
+PIE_GLIBC_STABLE="amd64 ppc ppc64 sparc x86"
+PIE_UCLIBC_STABLE="mips ppc x86"
+
+# arch/libc configurations known to be broken with {PIE,SSP}-by-default
+# gcc-4 SSP is only available on FRAME_GROWS_DOWNWARD arches; so it's not
+# available on pa, c4x, ia64, alpha, iq2000, m68hc11, stormy16
+# (the options are parsed, but they're effectively no-ops).
+# rs6000 has special handling to support SSP; ia64 may get the same:
+# http://developer.momonga-linux.org/viewvc/trunk/pkgs/gcc4/gcc41-ia64-stack-protector.patch?revision=7447&view=markup&pathrev=7447
+SSP_UNSUPPORTED="hppa sh ia64 alpha"
+SSP_UCLIBC_UNSUPPORTED="${SSP_UNSUPPORTED}"
+PIE_UCLIBC_UNSUPPORTED="alpha amd64 arm hppa ia64 m68k ppc64 s390 sh sparc"
+PIE_GLIBC_UNSUPPORTED="hppa"
+
+# These patches are obsoleted by stricter control over how one builds a hardened
+# compiler from a vanilla compiler
+GENTOO_PATCH_EXCLUDE="54_all_300-libstdc++-pic.patch 51_all_gcc-3.4-libiberty-pic.patch"
+
+# whether we should split out specs files for multiple {PIE,SSP}-by-default
+# and vanilla configurations.
+SPLIT_SPECS=${SPLIT_SPECS-true}
+
+inherit toolchain
+
+DESCRIPTION="The GNU Compiler Collection.  Includes C/C++, java compilers, pie+ssp extensions, Haj Ten Brugge runtime bounds checking"
+
+LICENSE="GPL-2 LGPL-2.1"
+KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+
+RDEPEND=">=sys-libs/zlib-1.1.4
+	|| ( >=sys-devel/gcc-config-1.3.12-r4 app-admin/eselect-compiler )
+	virtual/libiconv
+	fortran? (
+		>=dev-libs/gmp-4.2.1
+		>=dev-libs/mpfr-2.2.0_p10
+	)
+	!build? (
+		gcj? (
+			gtk? (
+				|| ( ( x11-libs/libXt x11-libs/libX11 x11-libs/libXtst x11-proto/xproto x11-proto/xextproto ) virtual/x11 )
+				>=x11-libs/gtk+-2.2
+				x11-libs/pango
+			)
+			>=media-libs/libart_lgpl-2.1
+		)
+		>=sys-libs/ncurses-5.2-r2
+		nls? ( sys-devel/gettext )
+		hardened? ( >=sys-libs/glibc-2.4 )
+	)"
+DEPEND="${RDEPEND}
+	test? ( sys-devel/autogen )
+	>=sys-apps/texinfo-4.2-r4
+	>=sys-devel/bison-1.875
+	>=${CATEGORY}/binutils-2.15.94"
+PDEPEND="|| ( sys-devel/gcc-config app-admin/eselect-compiler )"
+if [[ ${CATEGORY} != cross-* ]] ; then
+	PDEPEND="${PDEPEND} elibc_glibc? ( >=sys-libs/glibc-2.3.6 )"
+fi
+
+src_unpack() {
+	gcc_src_unpack
+
+	use vanilla && return 0
+
+	[[ ${CHOST} == ${CTARGET} ]] && epatch "${FILESDIR}"/gcc-spec-env.patch
+
+	# Fix cross-compiling
+	epatch "${FILESDIR}"/4.1.0/gcc-4.1.0-cross-compile.patch
+
+	[[ ${CTARGET} == *-softfloat-* ]] && epatch "${FILESDIR}"/4.0.2/gcc-4.0.2-softfloat.patch
+
+	epatch "${FILESDIR}"/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch
+}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/Manifest b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/Manifest
new file mode 100644
index 0000000..a83e398
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/Manifest
@@ -0,0 +1,53 @@
+AUX 2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058 RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 SHA1 ff92b7b6cb4a364dbe81c5110da79d1ad56a72ba SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df
+MD5 24dfc0b6f2725063612ea5e4e346b6f3 files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058
+RMD160 c98d7007857aeeea00e708e7989800dad9b07ae3 files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058
+SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df files/2.4/glibc-2.4-gentoo-stack_chk_fail.c 9058
+AUX 2.4/glibc-2.4-hardened-pie.patch 3875 RMD160 82671cc3a508a7aec307b0515a2589fa1e29a291 SHA1 39f07b444bf6eec4a99737e8377a9d3f3f215993 SHA256 1b79594506ba69a7f39dac71c96cd4a0b738caa84ac43768caa1b2aea2805c34
+MD5 ac0a186272000c10eb342bdb64043d44 files/2.4/glibc-2.4-hardened-pie.patch 3875
+RMD160 82671cc3a508a7aec307b0515a2589fa1e29a291 files/2.4/glibc-2.4-hardened-pie.patch 3875
+SHA256 1b79594506ba69a7f39dac71c96cd4a0b738caa84ac43768caa1b2aea2805c34 files/2.4/glibc-2.4-hardened-pie.patch 3875
+AUX 2.4/glibc-2.4-linuxssp.patch 5624 RMD160 9769dd67a904488224760d7d009c05d10bdc5a81 SHA1 cdca3580ee24006c42c4ce9c31f9a79005fe625d SHA256 6a5c4cd1b7a9a10a8eac928af8e8f425a07b0ff01a12edbe6c21bcaa20a2762d
+MD5 26f0d80267aeef64b552baba9f8b869a files/2.4/glibc-2.4-linuxssp.patch 5624
+RMD160 9769dd67a904488224760d7d009c05d10bdc5a81 files/2.4/glibc-2.4-linuxssp.patch 5624
+SHA256 6a5c4cd1b7a9a10a8eac928af8e8f425a07b0ff01a12edbe6c21bcaa20a2762d files/2.4/glibc-2.4-linuxssp.patch 5624
+AUX 2.4/glibc-2.4-testfailobvious.patch 919 RMD160 371d8c6ab9a7358a23ec721d46528c93aa1b7cd8 SHA1 a7e9794c4ba8ab0c452bfc495a6ae7950984e69e SHA256 5542c46a2649a2a3ffb6e0f884c3ad7309863f7d62055e1ec4b792f923f15654
+MD5 222aebe5c1135dfa01c785dcaae36b05 files/2.4/glibc-2.4-testfailobvious.patch 919
+RMD160 371d8c6ab9a7358a23ec721d46528c93aa1b7cd8 files/2.4/glibc-2.4-testfailobvious.patch 919
+SHA256 5542c46a2649a2a3ffb6e0f884c3ad7309863f7d62055e1ec4b792f923f15654 files/2.4/glibc-2.4-testfailobvious.patch 919
+AUX nscd 1468 RMD160 4358dc846a186c9db730693f9485b4d4358f3967 SHA1 f340187d998effff8b84250394a608c7305539bf SHA256 12b5d0732e646b3a456646b943930cc5c21cc82635e42ccefe8f197e61d570fe
+MD5 1314d7f9022322cd0d1198dcddf1214d files/nscd 1468
+RMD160 4358dc846a186c9db730693f9485b4d4358f3967 files/nscd 1468
+SHA256 12b5d0732e646b3a456646b943930cc5c21cc82635e42ccefe8f197e61d570fe files/nscd 1468
+AUX nscd.conf 1158 RMD160 50651e89a0cb206b1d37dae8840527694fe561b5 SHA1 5f5166aa6e0bffa57c52c39d3ec51ad3b0efa607 SHA256 378b7953adf5aa0e03bff49b7c654cae67b3efee7c92361b385fe7d3e9fb57c7
+MD5 2013443f5192d4b999953ba4248d288c files/nscd.conf 1158
+RMD160 50651e89a0cb206b1d37dae8840527694fe561b5 files/nscd.conf 1158
+SHA256 378b7953adf5aa0e03bff49b7c654cae67b3efee7c92361b385fe7d3e9fb57c7 files/nscd.conf 1158
+AUX nsswitch.conf 503 RMD160 f375f92f6b41029c93382c39cef896261b140cfc SHA1 42f7f5cc3de75c69bf60d806ac8490106ea63326 SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d
+MD5 8d58079469aedb014a800101ef60558f files/nsswitch.conf 503
+RMD160 f375f92f6b41029c93382c39cef896261b140cfc files/nsswitch.conf 503
+SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d files/nsswitch.conf 503
+DIST glibc-2.4-patches-1.19.tar.bz2 132880 RMD160 6df74db9b9e85220fba82658036ced5cdc16ae28 SHA1 b42dfd587fdf4df58c5f95853fc3dc4f8f51bee7 SHA256 9ec4cd3df3b8e7f294b3c93138d2f0fd7e8213b4981cfcc9cb58c25f934a23fa
+DIST glibc-2.4.tar.bz2 15202445 RMD160 ee2712a0e6fab8e086958c1f23221f8d07af3de1 SHA1 35c636e4b474cda0f06e361d5e9caec092fd73d3 SHA256 27aaaaa78b4ab5da76bb29385dc9be087ba7b855a9102eaaa78ce3ec5e2e7fcd
+DIST glibc-2.5-patches-1.3.tar.bz2 173857 RMD160 3e4dc97f1ec57177084937ce85895efd225e859d SHA1 046b7077544bc2a4155c7ecacfa7b93418ce45be SHA256 ab6deb5ed782551651931381334486feb829f19ae395374c1961f1e9be10130c
+DIST glibc-2.5.tar.bz2 15321839 RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 SHA1 ec9a007c4875062099a4701ac9137fcdb5a71447 SHA256 9b2e12bb1eafb55ab2e5a868532b8e6ec39216c66c25b8998d7474bc4d4eb529
+DIST glibc-libidn-2.4.tar.bz2 102305 RMD160 76b2e15e7613c4ac8db3bf90e90929c0e369ab04 SHA1 09981bb5f15812caa5824b3946b30cf030afc255 SHA256 2f29ec2b2b2f75f787a1eed8fdea20aff212dc3bad97651ca376914c49181977
+DIST glibc-libidn-2.5.tar.bz2 102330 RMD160 e10e85e0ee7cdab2e5518a93978cb688ccabee88 SHA1 ee7e019e01aa338e28db1eeb34abb2cb09d2f30a SHA256 de77e49e0beee6061d4c6e480f322566ba25d4e5e018c456a18ea4a8da5c0ede
+DIST glibc-linuxthreads-2.5.tar.bz2 242445 RMD160 788484d035d53ac39aac18f6e3409a912eea1cfa SHA1 eb7765e5c0a14c7475f1c8b92cbe1f625a8fd76f SHA256 ee27aeba6124a8b351c720eb898917f0f8874d9a384cc2f17aa111a3d679bd2c
+DIST glibc-linuxthreads-20060605.tar.bz2 247200 RMD160 aaa0a150eec4d63787f86ae04ded4d92a10c6f29 SHA1 1e0cf861de45f22d01d7d305482bacb0a869262f SHA256 1d15e236926fff6daa81e6af34e7903206b67f849f828ca976ab077b4677fb52
+DIST glibc-ports-2.4.tar.bz2 381472 RMD160 72987098f9fbd5a1ad617bf2136081c0db80a429 SHA1 8b4d93bfbcd5b6a36e09ff08fe0c2a08adc1b886 SHA256 2fbbcaad8a9f8560485c398a9066959fe2713c8bc7e653ec476fb56fed21d19a
+DIST glibc-ports-2.5.tar.bz2 409372 RMD160 e7e29df135a5f0f72760d10e5ad46de038e40725 SHA1 7da6257e641759ed29c4d316700fce6f604bc812 SHA256 80c38a005325e7539012bd665fb8e06af9ee9bfc74efb236ebff121265bfd463
+DIST glibc-powerpc-cpu-addon-v0.01.tgz 22422 RMD160 3483c94ec55819b36aa66fc60462317f8d15e4df SHA1 fd30cde7c7cb42baa2c8fa1ac88eeeeb509cac29 SHA256 0ffa9a432fffb9bfed99c529b631a27534ba848c7ec1d707732338b73a4a8ce9
+EBUILD glibc-2.4-r4.ebuild 40431 RMD160 3f058531de3f6c7eb79c98b206e2348fc71c6b69 SHA1 ac40152f8accee20527f36e833edf55f75fc89d8 SHA256 079e314f625276c314ab8f3ff268f8fac67fae8cfca7923e69b251d076796389
+MD5 6206b5f4be3503779a1b63e4f7279ca2 glibc-2.4-r4.ebuild 40431
+RMD160 3f058531de3f6c7eb79c98b206e2348fc71c6b69 glibc-2.4-r4.ebuild 40431
+SHA256 079e314f625276c314ab8f3ff268f8fac67fae8cfca7923e69b251d076796389 glibc-2.4-r4.ebuild 40431
+EBUILD glibc-2.5.ebuild 38595 RMD160 d015a3acff785e4bc5ff65bcd38d488b71efb8cf SHA1 fc36621c35dfd2147be1f70c85f0cc5ebe9f4542 SHA256 cd3061e2795e4d82fbb824466bd1308a1086aaaf2e5f559a698a605c55ec324b
+MD5 1c4b9358e448f106af4bce2a625d30a5 glibc-2.5.ebuild 38595
+RMD160 d015a3acff785e4bc5ff65bcd38d488b71efb8cf glibc-2.5.ebuild 38595
+SHA256 cd3061e2795e4d82fbb824466bd1308a1086aaaf2e5f559a698a605c55ec324b glibc-2.5.ebuild 38595
+MD5 e6c60ddb8b06199242d294f97f01c574 files/digest-glibc-2.4-r4 1575
+RMD160 49ff56b0209067c5313646df281c408956cdaa92 files/digest-glibc-2.4-r4 1575
+SHA256 a49f96d87bda9dfbe73ac717c2a1dea7b4715c9c2e6031f404e3d7ee1209efea files/digest-glibc-2.4-r4 1575
+MD5 0ef85c335e10127d3e21077ab8034f12 files/digest-glibc-2.5 1280
+RMD160 34e5f2b01652b2ae928c40fefe948ff971bb7851 files/digest-glibc-2.5 1280
+SHA256 f65c057f070beb912fdc31c87bdec28342093306c3387f73aa831178e3a8d875 files/digest-glibc-2.5 1280
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-gentoo-stack_chk_fail.c b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-gentoo-stack_chk_fail.c
new file mode 100644
index 0000000..e304440
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-gentoo-stack_chk_fail.c
@@ -0,0 +1,311 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+/* Copyright (C) 2006 Gentoo Foundation Inc.
+ * License terms as above.
+ *
+ * Hardened Gentoo SSP handler
+ *
+ * An SSP failure handler that does not use functions from the rest of
+ * glibc; it uses the INTERNAL_SYSCALL methods directly.  This ensures
+ * no possibility of recursion into the handler.
+ *
+ * Direct all bug reports to http://bugs.gentoo.org/
+ *
+ * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
+ * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ *
+ * The following people contributed to the glibc-2.3 Hardened
+ * Gentoo SSP handler, from which this implementation draws much:
+ *
+ * Ned Ludd - <solar[@]gentoo.org>
+ * Alexander Gabert - <pappy[@]gentoo.org>
+ * The PaX Team - <pageexec[@]freemail.hu>
+ * Peter S. Mazinger - <ps.m[@]gmx.net>
+ * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ * Robert Connolly - <robert[@]linuxfromscratch.org>
+ * Cory Visi <cory[@]visi.name>
+ * Mike Frysinger <vapier[@]gentoo.org>
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+#include <bp-checks.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# if !defined _KERNEL_NSIG && !defined _NSIG
+#  error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigation && !defined __NR_rt_sigaction
+#  error Cannot do syscall sigaction or rt_sigaction
+# endif
+#endif
+
+
+
+/* Define DO_SOCKET/DO_CONNECT macros to deal with socketcall vs socket/connect */
+#ifdef __NR_socketcall
+
+# define DO_SOCKET(result,domain,type,protocol) \
+	{socketargs[0] = domain; \
+	socketargs[1] = type; \
+	socketargs[2] = protocol; \
+	socketargs[3] = 0; \
+	result = INLINE_SYSCALL(socketcall,2,SOCKOP_socket,socketargs);}
+
+# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \
+	{socketargs[0] = sockfd; \
+	socketargs[1] = (unsigned long int)serv_addr; \
+	socketargs[2] = addrlen; \
+	socketargs[3] = 0; \
+	result = INLINE_SYSCALL(socketcall,2,SOCKOP_connect,socketargs);}
+
+#else
+
+# define DO_SOCKET(result,domain,type,protocol) \
+	{result = INLINE_SYSCALL(socket,3,domain,type,protocol);}
+
+# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \
+	{result = INLINE_SYSCALL(connect,3,sockfd,serv_addr,addrlen);}
+
+#endif
+/* __NR_socketcall */
+
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[]=_PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static char *__progname = "<rtld>";
+#else
+extern char *__progname;
+#endif
+
+
+/* Common handler code, used by stack_chk_fail and __stack_smash_handler
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+static inline void
+__attribute__ ((__noreturn__ , __always_inline__))
+__hardened_gentoo_stack_chk_fail (char func[], int damaged)
+{
+#define MESSAGE_BUFSIZ 256
+	static pid_t pid;
+	static int plen, i;
+	static char message[MESSAGE_BUFSIZ];
+	static const char msg_ssa[]=": stack smashing attack";
+	static const char msg_inf[]=" in function ";
+	static const char msg_ssd[]="*** stack smashing detected ***: ";
+	static const char msg_terminated[]=" - terminated\n";
+	static const char msg_report[]="Report to http://bugs.gentoo.org/\n";
+	static const char msg_unknown[]="<unknown>";
+#ifdef SSP_SMASH_DUMPS_CORE
+	static struct sigaction default_abort_act;
+#endif
+	static int log_socket, connect_result;
+	static struct sockaddr_un sock;
+#ifdef __NR_socketcall
+	static unsigned long int socketargs[4];
+#endif
+
+	/* Build socket address
+	 */
+	sock.sun_family = AF_UNIX;
+	i=0;
+	while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1)))
+	  {
+		sock.sun_path[i]=path_log[i];
+		i++;
+	  }
+	sock.sun_path[i]='\0';
+
+	/* Try SOCK_DGRAM connection to syslog */
+	connect_result=-1;
+	DO_SOCKET(log_socket,AF_UNIX,SOCK_DGRAM,0);
+	if (log_socket != -1)
+		DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock)));
+	if (connect_result == -1)
+	  {
+		if (log_socket != -1)
+			INLINE_SYSCALL(close,1,log_socket);
+		/* Try SOCK_STREAM connection to syslog */
+		DO_SOCKET(log_socket,AF_UNIX,SOCK_STREAM,0);
+		if (log_socket != -1)
+			DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock)));
+	  }
+
+	/* Build message.  Messages are generated both in the old style and new style,
+	 * so that log watchers that are configured for the old-style message continue
+	 * to work.
+	 */
+#define strconcat(str) \
+		{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
+		{\
+			message[plen+i]=str[i];\
+			i++;\
+		}\
+		plen+=i;}
+
+	/* R.Henderson post-gcc-4 style message */
+	plen=0;
+	strconcat(msg_ssd);
+	if (__progname != (char *)0)
+		strconcat(__progname)
+	else
+		strconcat(msg_unknown);
+	strconcat(msg_terminated);
+
+	/* Write out error message to STDERR, to syslog if open */
+	INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+	if (connect_result != -1)
+		INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+	/* Dr. Etoh pre-gcc-4 style message */
+	plen=0;
+	if (__progname != (char *)0)
+		strconcat(__progname)
+	else
+		strconcat(msg_unknown);
+	strconcat(msg_ssa);
+	strconcat(msg_inf);
+	if (func!=NULL)
+		strconcat(func)
+	else
+		strconcat(msg_unknown);
+	strconcat(msg_terminated);
+	/* Write out error message to STDERR, to syslog if open */
+	INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+	if (connect_result != -1)
+		INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+	/* Direct reports to bugs.gentoo.org */
+	plen=0;
+	strconcat(msg_report);
+	message[plen++]='\0';
+
+	/* Write out error message to STDERR, to syslog if open */
+	INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+	if (connect_result != -1)
+		INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+	if (log_socket != -1)
+		INLINE_SYSCALL(close,1,log_socket);
+
+	/* Suicide */
+	pid=INLINE_SYSCALL(getpid,0);
+#ifdef SSP_SMASH_DUMPS_CORE
+	/* Remove any user-supplied handler for SIGABRT, before using it */
+	default_abort_act.sa_handler = SIG_DFL;
+	default_abort_act.sa_sigaction = NULL;
+	__sigfillset(&default_abort_act.sa_mask);
+	default_abort_act.sa_flags = 0;
+	/* sigaction doesn't exist on amd64; however rt_sigaction seems to
+	 * exist everywhere.  rt_sigaction has an extra parameter - the
+	 * size of sigset_t.
+	 */
+# ifdef __NR_sigation
+	if (INLINE_SYSCALL(sigaction,3,SIGABRT,&default_abort_act,NULL) == 0)
+# else
+	/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+	 * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+	 * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+	 * some reason.
+	 */
+#  ifdef _KERNEL_NSIG
+	if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_KERNEL_NSIG/8) == 0)
+#  else
+	if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_NSIG/8) == 0)
+#  endif
+# endif
+		INLINE_SYSCALL(kill,2,pid,SIGABRT);
+#endif
+	/* Note; actions cannot be added to SIGKILL */
+	INLINE_SYSCALL(kill,2,pid,SIGKILL);
+
+	/* In case the kill didn't work, exit anyway
+	 * The loop prevents gcc thinking this routine returns
+	 */
+	while (1) INLINE_SYSCALL(exit,0);
+}
+
+void
+__attribute__ ((__noreturn__))
+	__stack_chk_fail (void)
+{
+	__hardened_gentoo_stack_chk_fail(NULL,0);
+}
+
+#ifdef ENABLE_OLD_SSP_COMPAT
+void
+__attribute__ ((__noreturn__))
+__stack_smash_handler(char func[], int damaged)
+{
+	__hardened_gentoo_stack_chk_fail(func,damaged);
+}
+#endif
+
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-hardened-pie.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-hardened-pie.patch
new file mode 100644
index 0000000..a25ab55
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-hardened-pie.patch
@@ -0,0 +1,80 @@
+	If compiler is PIE-default (which is indicated by the existing
+	pic_default test, since setting -fPIE sets __PIC__), use the shared
+	versions of crtbegin, crtend and crt1 objects.
+	Kevin F. Quinn <kevquinn@gentoo.org> 15 Dec 2006
+
+--- Makeconfig.orig	2006-12-19 21:40:06.000000000 +0100
++++ Makeconfig	2006-12-19 21:40:20.000000000 +0100
+@@ -415,6 +415,19 @@
+ 
+ # Command for linking programs with the C library.
+ ifndef +link
++ifeq (yes,$(build-pic-default))
++# PIE version
+++link = $(CC) -nostdlib -nostartfiles -pie -o $@ \
++	      $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
++	      $(combreloc-LDFLAGS) $(relro-LDFLAGS) \
++	      $(addprefix $(csu-objpfx),$(+starts)) \
++	      $(+preinit) $(+prectors) \
++	      $(filter-out $(addprefix $(csu-objpfx),start.o \
++						     $(+starts))\
++			   $(+preinit) $(link-extra-libs) \
++			   $(common-objpfx)libc% $(+postinit),$^) \
++	      $(link-extra-libs) $(link-libc) $(+postctors) $(+postinit)
++else
+ +link = $(CC) -nostdlib -nostartfiles -o $@ \
+ 	      $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+ 	      $(combreloc-LDFLAGS) $(relro-LDFLAGS) \
+@@ -426,8 +439,20 @@
+ 			   $(common-objpfx)libc% $(+postinit),$^) \
+ 	      $(link-extra-libs) $(link-libc) $(+postctor) $(+postinit)
+ endif
++endif
+ # Command for statically linking programs with the C library.
+ ifndef +link-static
++ifeq (yes,$(build-pic-default))
+++link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
++	      $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) $(app-LDFLAGS) \
++	      $(addprefix $(csu-objpfx),$(+static-starts)) \
++	      $(+preinit) $(+prectors) \
++	      $(filter-out $(addprefix $(csu-objpfx),start.o \
++						     $(+starts))\
++			   $(+preinit) $(link-extra-libs-static) \
++			   $(common-objpfx)libc% $(+postinit),$^) \
++	      $(link-extra-libs-static) $(link-libc-static) $(+postctors) $(+postinit)
++else
+ +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
+ 	      $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F))  \
+ 	      $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
+@@ -438,6 +463,7 @@
+ 			   $(common-objpfx)libc% $(+postinit),$^) \
+ 	      $(link-extra-libs-static) $(link-libc-static) $(+postctor) $(+postinit)
+ endif
++endif
+ # Command for statically linking bounded-pointer programs with the C library.
+ ifndef +link-bounded
+ +link-bounded = $(CC) -nostdlib -nostartfiles -static -fbounded-pointers -o $@ \
+@@ -530,6 +556,12 @@
+ +postinit = $(addprefix $(csu-objpfx),crtn.o)
+ +prector = `$(CC) --print-file-name=crtbegin.o`
+ +postctor = `$(CC) --print-file-name=crtend.o`
++# PIE versions
+++prectors = `$(CC) --print-file-name=crtbeginS.o`
+++postctors = `$(CC) --print-file-name=crtendS.o`
+++starts = S$(start-installed-name)
+++static-starts = S$(static-start-installed-name)
++#
+ +interp = $(addprefix $(elf-objpfx),interp.os)
+ endif
+ csu-objpfx = $(common-objpfx)csu/
+--- configure.in.orig	2006-12-19 22:53:25.000000000 +0100
++++ configure.in	2006-12-19 22:53:41.000000000 +0100
+@@ -2145,7 +2145,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+   pic_default=no
+ fi
+ rm -f conftest.*])
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-linuxssp.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-linuxssp.patch
new file mode 100644
index 0000000..9be5201
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-linuxssp.patch
@@ -0,0 +1,129 @@
+	Modifications to glibc-2.4 to allow it to build with stack-protection
+	enabled throughout.
+
+	debug/Makefile: build stack_chk_fail_local -fno-stack-protector
+	  Leave stack_chk_fail alone, so checking __SSP__ will show whether
+	  compiler is rigged to build SSP, and hence that we want the modified
+	  handler (which will never trigger SSP because there are no function
+	  calls).
+
+	csu/Makefile, linuxthreads/Makefile, nptl/Makefile: inihibit SSP on
+	  crti/crtn (i.e. compilation of initfini)
+
+	elf/rtld-Rules: Add compilation rules for .oS targets (so that
+	  stack_chk_fail_local will build for rtld).
+
+	elf/Makefile: Add libc_nonshared.a to rtld build set so that
+	  stack_chk_fail_local can be found (and other modifications
+	  so that static objects are considered).
+
+	Makerules: add stack_chk_fail_local.oS to libc_pic.os (needed for
+	  SSP builds on x86 so that it can resolve __stack_chk_fail_local).
+	  Note this is a whole-archive link so adding libc_nonshared.a
+	  causes too much stuff to be included.
+
+	Kevin F. Quinn 2006-09-30
+
+--- debug/Makefile.orig	2006-09-30 17:06:31.000000000 +0200
++++ debug/Makefile	2006-09-30 17:12:45.000000000 +0200
+@@ -70,6 +71,7 @@
+ CFLAGS-pread64_chk.c = -fexceptions -fasynchronous-unwind-tables
+ CFLAGS-recv_chk.c = -fexceptions -fasynchronous-unwind-tables
+ CFLAGS-recvfrom_chk.c = -fexceptions -fasynchronous-unwind-tables
++CFLAGS-stack_chk_fail_local.c = -fno-stack-protector
+ 
+ tst-chk1-ENV = LOCPATH=$(common-objpfx)localedata
+ tst-chk2-ENV = LOCPATH=$(common-objpfx)localedata
+--- csu/Makefile.orig	2006-09-30 13:22:19.000000000 +0200
++++ csu/Makefile	2006-09-30 13:22:38.000000000 +0200
+@@ -93,7 +93,7 @@
+ $(crtstuff:%=$(objpfx)%.o): %.o: %.S $(objpfx)defs.h
+ 	$(compile.S) -g0 $(ASFLAGS-.os) -o $@
+ 
+-CFLAGS-initfini.s = -g0 -fPIC -fno-inline-functions $(fno-unit-at-a-time)
++CFLAGS-initfini.s = -g0 -fPIC -fno-inline-functions -fno-stack-protector $(fno-unit-at-a-time)
+ 
+ vpath initfini.c $(sysdirs)
+ 
+--- linuxthreads/Makefile.orig	2006-09-30 14:39:33.000000000 +0200
++++ linuxthreads/Makefile	2006-09-30 14:39:42.000000000 +0200
+@@ -102,7 +102,7 @@
+ extra-objs += $(crti-objs) $(crtn-objs)
+ omit-deps += crti crtn
+ 
+-CFLAGS-pt-initfini.s = -g0 -fPIC -fno-inline-functions $(fno-unit-at-a-time)
++CFLAGS-pt-initfini.s = -g0 -fPIC -fno-stack-protector -fno-inline-functions $(fno-unit-at-a-time)
+ endif
+ 
+ librt-tests = ex10 ex11 tst-clock1
+--- nptl/Makefile.orig	2006-09-30 14:36:46.000000000 +0200
++++ nptl/Makefile	2006-09-30 14:37:06.000000000 +0200
+@@ -335,7 +335,7 @@
+ extra-objs += $(crti-objs) $(crtn-objs)
+ omit-deps += crti crtn
+ 
+-CFLAGS-pt-initfini.s = -g0 -fPIC -fno-inline-functions $(fno-unit-at-a-time)
++CFLAGS-pt-initfini.s = -g0 -fPIC -fno-stack-protector -fno-inline-functions $(fno-unit-at-a-time)
+ endif
+ 
+ CFLAGS-flockfile.c = -D_IO_MTSAFE_IO
+--- elf/Makefile.orig	2006-10-01 01:37:29.000000000 +0200
++++ elf/Makefile	2006-10-01 01:44:19.000000000 +0200
+@@ -263,7 +263,7 @@
+ # are compiled with special flags, and puts these modules into rtld-libc.a
+ # for us.  Then we do the real link using rtld-libc.a instead of libc_pic.a.
+ 
+-$(objpfx)librtld.map: $(objpfx)dl-allobjs.os $(common-objpfx)libc_pic.a
++$(objpfx)librtld.map: $(objpfx)dl-allobjs.os $(common-objpfx)libc_pic.a $(common-objpfx)libc_nonshared.a
+ 	@-rm -f $@T
+ 	$(reloc-link) -o $@.o '-Wl,-(' $^ -lgcc '-Wl,-)' -Wl,-Map,$@T
+ 	rm -f $@.o
+@@ -271,7 +271,7 @@
+ 
+ $(objpfx)librtld.mk: $(objpfx)librtld.map Makefile
+ 	LC_ALL=C \
+-	sed -n 's@^$(common-objpfx)\([^(]*\)(\([^)]*\.os\)) *.*$$@\1 \2@p' \
++	sed -n 's@^$(common-objpfx)\([^(]*\)(\([^)]*\.o[Ss]\)) *.*$$@\1 \2@p' \
+ 	    $< | \
+ 	while read lib file; do \
+ 	  case $$lib in \
+@@ -281,6 +281,12 @@
+ 	    LC_ALL=C \
+ 	    sed 's@^$(common-objpfx)\([^/]*\)/stamp\.os$$@rtld-\1'" +=$$file@"\
+ 	    ;; \
++	  libc_nonshared.a) \
++	    LC_ALL=C fgrep -l /$$file \
++		  $(common-objpfx)stamp.oS $(common-objpfx)*/stamp.oS | \
++	    LC_ALL=C \
++	    sed 's@^$(common-objpfx)\([^/]*\)/stamp\.oS$$@rtld-\1'" +=$$file@"\
++	    ;; \
+ 	  */*.a) \
+ 	    echo rtld-$${lib%%/*} += $$file ;; \
+ 	  *) echo "Wasn't expecting $$lib($$file)" >&2; exit 1 ;; \
+--- elf/rtld-Rules.orig	2006-10-01 01:41:07.000000000 +0200
++++ elf/rtld-Rules	2006-10-01 01:41:40.000000000 +0200
+@@ -96,11 +96,13 @@
+ $(objpfx)rtld-%.os: %.S $(before-compile); $(compile-command.S)
+ $(objpfx)rtld-%.os: %.s $(before-compile); $(compile-command.s)
+ $(objpfx)rtld-%.os: %.c $(before-compile); $(compile-command.c)
++$(objpfx)rtld-%.oS: %.c $(before-compile); $(compile-command.c)
+ 
+ # The rules for generated source files.
+ $(objpfx)rtld-%.os: $(objpfx)%.S $(before-compile); $(compile-command.S)
+ $(objpfx)rtld-%.os: $(objpfx)%.s $(before-compile); $(compile-command.s)
+ $(objpfx)rtld-%.os: $(objpfx)%.c $(before-compile); $(compile-command.c)
++$(objpfx)rtld-%.oS: $(objpfx)%.c $(before-compile); $(compile-command.c)
+ 
+ # The command line setting of rtld-modules (see above) tells us
+ # what we need to build, and that tells us what dependency files we need.
+--- Makerules.orig	2006-10-01 11:26:40.000000000 +0200
++++ Makerules	2006-10-01 11:27:30.000000000 +0200
+@@ -602,7 +602,7 @@
+ # from being allocated in libc.so, which introduces evil dependencies
+ # between libc.so and ld.so, which can make it impossible to upgrade.
+ ifeq ($(elf),yes)
+-$(common-objpfx)libc_pic.os: $(common-objpfx)libc_pic.a
++$(common-objpfx)libc_pic.os: $(common-objpfx)libc_pic.a $(common-objpfx)debug/stack_chk_fail_local.oS
+ 	$(LINK.o) -nostdlib -nostartfiles -r -o $@ \
+ 	$(LDFLAGS-c_pic.os) -Wl,-d -Wl,--whole-archive $^
+ # Use our own special initializer and finalizer files for libc.so.
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-testfailobvious.patch b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-testfailobvious.patch
new file mode 100644
index 0000000..eeaa639
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/2.4/glibc-2.4-testfailobvious.patch
@@ -0,0 +1,23 @@
+	Add an easily-greppable string to the output of test runs.
+	If a test fails, the output will contain a line:
+	FAILED <test output filename>
+	which indicates the test that failed.  Find with 'grep ^FAILED'
+	Kevin F. Quinn <kevquinn@gentoo.org> 15 Dec 2006
+
+--- Rules.orig	2006-02-28 08:05:48.000000000 +0100
++++ Rules	2006-08-05 14:18:39.000000000 +0200
+@@ -142,11 +142,11 @@
+ make-test-out = GCONV_PATH=$(common-objpfx)iconvdata LC_ALL=C \
+ 		$($*-ENV) $(built-program-cmd) $($*-ARGS)
+ $(objpfx)%-bp.out: %.input $(objpfx)%-bp
+-	$(make-test-out) > $@ < $(word 1,$^)
++	$(make-test-out) > $@ < $(word 1,$^) || echo FAILED $@
+ $(objpfx)%.out: %.input $(objpfx)%
+-	$(make-test-out) > $@ < $(word 1,$^)
++	$(make-test-out) > $@ < $(word 1,$^) || echo FAILED $@
+ $(objpfx)%.out: /dev/null $(objpfx)%	# Make it 2nd arg for canned sequence.
+-	$(make-test-out) > $@
++	$(make-test-out) > $@ || echo FAILED $@
+ 
+ endif	# tests
+ 
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/digest-glibc-2.4-r4 b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/digest-glibc-2.4-r4
new file mode 100644
index 0000000..924d433
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/digest-glibc-2.4-r4
@@ -0,0 +1,18 @@
+MD5 a219615c811cb21a1a489d0d2bc94b3a glibc-2.4-patches-1.19.tar.bz2 132880
+RMD160 6df74db9b9e85220fba82658036ced5cdc16ae28 glibc-2.4-patches-1.19.tar.bz2 132880
+SHA256 9ec4cd3df3b8e7f294b3c93138d2f0fd7e8213b4981cfcc9cb58c25f934a23fa glibc-2.4-patches-1.19.tar.bz2 132880
+MD5 7e9a88dcd41fbc53801dbe5bdacaf245 glibc-2.4.tar.bz2 15202445
+RMD160 ee2712a0e6fab8e086958c1f23221f8d07af3de1 glibc-2.4.tar.bz2 15202445
+SHA256 27aaaaa78b4ab5da76bb29385dc9be087ba7b855a9102eaaa78ce3ec5e2e7fcd glibc-2.4.tar.bz2 15202445
+MD5 e2d892b40d654c523ab26a26b7dd86a1 glibc-libidn-2.4.tar.bz2 102305
+RMD160 76b2e15e7613c4ac8db3bf90e90929c0e369ab04 glibc-libidn-2.4.tar.bz2 102305
+SHA256 2f29ec2b2b2f75f787a1eed8fdea20aff212dc3bad97651ca376914c49181977 glibc-libidn-2.4.tar.bz2 102305
+MD5 57a7bc37febb08f2f8d0c844e7e376e4 glibc-linuxthreads-20060605.tar.bz2 247200
+RMD160 aaa0a150eec4d63787f86ae04ded4d92a10c6f29 glibc-linuxthreads-20060605.tar.bz2 247200
+SHA256 1d15e236926fff6daa81e6af34e7903206b67f849f828ca976ab077b4677fb52 glibc-linuxthreads-20060605.tar.bz2 247200
+MD5 7bb1b35654e94994925e66676acabd4e glibc-ports-2.4.tar.bz2 381472
+RMD160 72987098f9fbd5a1ad617bf2136081c0db80a429 glibc-ports-2.4.tar.bz2 381472
+SHA256 2fbbcaad8a9f8560485c398a9066959fe2713c8bc7e653ec476fb56fed21d19a glibc-ports-2.4.tar.bz2 381472
+MD5 f576b5601b86a89165c17fdddb92d1cc glibc-powerpc-cpu-addon-v0.01.tgz 22422
+RMD160 3483c94ec55819b36aa66fc60462317f8d15e4df glibc-powerpc-cpu-addon-v0.01.tgz 22422
+SHA256 0ffa9a432fffb9bfed99c529b631a27534ba848c7ec1d707732338b73a4a8ce9 glibc-powerpc-cpu-addon-v0.01.tgz 22422
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/digest-glibc-2.5 b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/digest-glibc-2.5
new file mode 100644
index 0000000..3ec7ab9
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/digest-glibc-2.5
@@ -0,0 +1,15 @@
+MD5 76c2c086f3c6a98ee3e6fe4cf03bf25a glibc-2.5-patches-1.3.tar.bz2 173857
+RMD160 3e4dc97f1ec57177084937ce85895efd225e859d glibc-2.5-patches-1.3.tar.bz2 173857
+SHA256 ab6deb5ed782551651931381334486feb829f19ae395374c1961f1e9be10130c glibc-2.5-patches-1.3.tar.bz2 173857
+MD5 1fb29764a6a650a4d5b409dda227ac9f glibc-2.5.tar.bz2 15321839
+RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 glibc-2.5.tar.bz2 15321839
+SHA256 9b2e12bb1eafb55ab2e5a868532b8e6ec39216c66c25b8998d7474bc4d4eb529 glibc-2.5.tar.bz2 15321839
+MD5 8787868ba8962d9b125997ec2f25ac01 glibc-libidn-2.5.tar.bz2 102330
+RMD160 e10e85e0ee7cdab2e5518a93978cb688ccabee88 glibc-libidn-2.5.tar.bz2 102330
+SHA256 de77e49e0beee6061d4c6e480f322566ba25d4e5e018c456a18ea4a8da5c0ede glibc-libidn-2.5.tar.bz2 102330
+MD5 870d76d46dcaba37c13d01dca47d1774 glibc-linuxthreads-2.5.tar.bz2 242445
+RMD160 788484d035d53ac39aac18f6e3409a912eea1cfa glibc-linuxthreads-2.5.tar.bz2 242445
+SHA256 ee27aeba6124a8b351c720eb898917f0f8874d9a384cc2f17aa111a3d679bd2c glibc-linuxthreads-2.5.tar.bz2 242445
+MD5 183f6d46e8fa5e4b2aff240ab1586c2e glibc-ports-2.5.tar.bz2 409372
+RMD160 e7e29df135a5f0f72760d10e5ad46de038e40725 glibc-ports-2.5.tar.bz2 409372
+SHA256 80c38a005325e7539012bd665fb8e06af9ee9bfc74efb236ebff121265bfd463 glibc-ports-2.5.tar.bz2 409372
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nscd b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nscd
new file mode 100755
index 0000000..a683e8f
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nscd
@@ -0,0 +1,61 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nscd,v 1.6 2006/06/18 06:49:50 vapier Exp $
+
+depend() {
+	use dns ldap net slapd
+}
+
+checkconfig() {
+	if [[ ! -d /var/run/nscd ]] ; then
+		mkdir -p /var/run/nscd
+		chmod 755 /var/run/nscd
+	fi
+	if [[ -z ${NSCD_PERMS_OK} && $(stat -c %a /var/run/nscd) != "755" ]] ; then
+		echo ""
+		ewarn "nscd run dir is not world readable, you should reset the perms:"
+		ewarn "chmod 755 /var/run/nscd"
+		ewarn "chmod a+rw /var/run/nscd/socket"
+		echo ""
+		ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd"
+		echo ""
+	fi
+}
+
+start() {
+	checkconfig
+
+	ebegin "Starting Name Service Cache Daemon"
+	local secure=`while read curline ; do
+		table=${curline%:*}
+		entries=${curline##$table:}
+		table=${table%%[^a-z]*}
+		case $table in
+			passwd*|group*|hosts)
+			for entry in $entries ; do
+			case $entry in
+				nisplus*)
+					/usr/sbin/nscd_nischeck $table || \
+					/echo "-S $table,yes"
+				;;
+			esac
+			done
+		;;
+		esac
+		done < /etc/nsswitch.conf`
+	local pidfile="$(strings /usr/sbin/nscd | grep nscd.pid)"
+	mkdir -p "$(dirname ${pidfile})"
+	start-stop-daemon --start --quiet \
+		--exec /usr/sbin/nscd --pid ${pidfile} \
+		-- $secure
+	eend $?
+}
+
+stop() {
+	ebegin "Shutting down Name Service Cache Daemon"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/nscd
+	eend $?
+}
+
+# vim:ts=4
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nscd.conf b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nscd.conf
new file mode 100644
index 0000000..226dda3
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nscd.conf
@@ -0,0 +1,45 @@
+#
+# /etc/nscd.conf
+#
+# An example Name Service Cache config file.  This file is needed by nscd.
+#
+# Legal entries are:
+#
+#	logfile			<file>
+#	debug-level		<level>
+#	threads			<#threads to use>
+#	server-user             <user to run server as instead of root>
+#		server-user is ignored if nscd is started with -S parameters
+#
+#       enable-cache		<service> <yes|no>
+#	positive-time-to-live	<service> <time in seconds>
+#	negative-time-to-live   <service> <time in seconds>
+#       suggested-size		<service> <prime number>
+#	check-files		<service> <yes|no>
+#
+# Currently supported cache names (services): passwd, group, hosts
+#
+
+
+#	logfile			/var/log/nscd.log
+#	threads			6
+#	server-user		nobody
+	debug-level		0
+
+	enable-cache		passwd		yes
+	positive-time-to-live	passwd		600
+	negative-time-to-live	passwd		20
+	suggested-size		passwd		211
+	check-files		passwd		yes
+
+	enable-cache		group		yes
+	positive-time-to-live	group		3600
+	negative-time-to-live	group		60
+	suggested-size		group		211
+	check-files		group		yes
+
+	enable-cache		hosts		yes
+	positive-time-to-live	hosts		3600
+	negative-time-to-live	hosts		20
+	suggested-size		hosts		211
+	check-files		hosts		yes
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nsswitch.conf b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nsswitch.conf
new file mode 100644
index 0000000..eb16961
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/files/nsswitch.conf
@@ -0,0 +1,24 @@
+# /etc/nsswitch.conf:
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nsswitch.conf,v 1.1 2005/05/17 00:52:41 vapier Exp $
+
+passwd:      compat
+shadow:      compat
+group:       compat
+
+# passwd:    db files nis
+# shadow:    db files nis
+# group:     db files nis
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/glibc-2.4-r4.ebuild b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/glibc-2.4-r4.ebuild
new file mode 100644
index 0000000..24dcc3e
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/glibc-2.4-r4.ebuild
@@ -0,0 +1,1299 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.4-r4.ebuild,v 1.15 2006/12/03 06:45:05 vapier Exp $
+
+# Here's how the cross-compile logic breaks down ...
+#  CTARGET - machine that will target the binaries
+#  CHOST   - machine that will host the binaries
+#  CBUILD  - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+#  CBUILD = CHOST = CTARGET    - native build/install
+#  CBUILD != (CHOST = CTARGET) - cross-compile a native build
+#  (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+#  CBUILD != CHOST != CTARGET  - cross-compile a libc for a cross-compiler
+# For install paths:
+#  CHOST = CTARGET  - install into /
+#  CHOST != CTARGET - install into /usr/CTARGET/
+
+KEYWORDS="-* amd64 ~ia64 ~mips ppc ppc64 s390 sh ~sparc x86"
+
+BRANCH_UPDATE=""
+
+# Generated man pages
+GLIBC_MANPAGE_VERSION="none"
+
+# Generated stuff in manual subdir
+GLIBC_INFOPAGE_VERSION="none"
+
+# Gentoo patchset
+PATCH_VER="1.19"
+
+# PPC cpu addon
+# http://penguinppc.org/dev/glibc/glibc-powerpc-cpu-addon.html
+PPC_CPU_ADDON_VER="0.01"
+PPC_CPU_ADDON_TARBALL="glibc-powerpc-cpu-addon-v${PPC_CPU_ADDON_VER}.tgz"
+PPC_CPU_ADDON_URI="http://penguinppc.org/dev/glibc/${PPC_CPU_ADDON_TARBALL}"
+
+# LinuxThreads addon
+LT_VER="20060605"
+LT_TARBALL="glibc-linuxthreads-${LT_VER}.tar.bz2"
+LT_URI="ftp://sources.redhat.com/pub/glibc/snapshots/${LT_TARBALL} mirror://gentoo/${LT_TARBALL}"
+
+GENTOO_TOOLCHAIN_BASE_URI="mirror://gentoo"
+GENTOO_TOOLCHAIN_DEV_URI="http://dev.gentoo.org/~azarah/glibc/XXX http://dev.gentoo.org/~vapier/dist/XXX"
+
+### PUNT OUT TO ECLASS?? ###
+inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+LICENSE="LGPL-2"
+
+# note that nptl/nptlonly/glibc-compat20 are for upgrade checks only.
+# we dont generally support these things in this version.
+IUSE="nls build nptl nptlonly hardened multilib selinux glibc-omitfp profile glibc-compat20 debug"
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+	if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+		export CTARGET=${CATEGORY/cross-}
+	fi
+fi
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+	PROVIDE="virtual/libc"
+fi
+
+is_crosscompile() {
+	[[ ${CHOST} != ${CTARGET} ]]
+}
+just_headers() {
+	is_crosscompile && use crosscompile_opts_headers-only
+}
+
+GLIBC_RELEASE_VER=$(get_version_component_range 1-3)
+
+# Don't set this to :-, - allows BRANCH_UPDATE=""
+BRANCH_UPDATE=${BRANCH_UPDATE-$(get_version_component_range 4)}
+
+# (Recent snapshots fails with 2.6.5 and earlier with NPTL)
+NPTL_KERNEL_VERSION=${NPTL_KERNEL_VERSION:-"2.6.9"}
+LT_KERNEL_VERSION=${LT_KERNEL_VERSION:-"2.4.1"}
+
+### SRC_URI ###
+
+# This function handles the basics of setting the SRC_URI for a glibc ebuild.
+# To use, set SRC_URI with:
+#
+#	SRC_URI="$(get_glibc_src_uri)"
+#
+# Other than the variables normally set by portage, this function's behavior
+# can be altered by setting the following:
+#
+#	GENTOO_TOOLCHAIN_BASE_URI
+#			This sets the base URI for all gentoo-specific patch files. Note
+#			that this variable is only important for a brief period of time,
+#			before your source files get picked up by mirrors. However, it is
+#			still highly suggested that you keep files in this location
+#			available.
+#
+#	BRANCH_UPDATE
+#			If set, this variable signals that we should be using the main
+#			release tarball (determined by ebuild version) and applying a
+#			CVS branch update patch against it. The location of this branch
+#			update patch is assumed to be in ${GENTOO_TOOLCHAIN_BASE_URI}.
+#			Just like with SNAPSHOT, this variable is ignored if the ebuild
+#			has a _pre suffix.
+#
+#	PATCH_VER
+#	PATCH_GLIBC_VER
+#			This should be set to the version of the gentoo patch tarball.
+#			The resulting filename of this tarball will be:
+#			glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2
+#
+#	GLIBC_MANPAGE_VERSION
+#	GLIBC_INFOPAGE_VERSION
+#			The version of glibc for which we will download pages. This will
+#			default to ${GLIBC_RELEASE_VER}, but we may not want to pre-generate man pages
+#			for prerelease test ebuilds for example. This allows you to
+#			continue using pre-generated manpages from the last stable release.
+#			If set to "none", this will prevent the downloading of manpages,
+#			which is useful for individual library targets.
+#
+get_glibc_src_uri() {
+	GENTOO_TOOLCHAIN_BASE_URI=${GENTOO_TOOLCHAIN_BASE_URI:-"mirror://gentoo"}
+
+#	GLIBC_SRC_URI="http://ftp.gnu.org/gnu/glibc/glibc-${GLIBC_RELEASE_VER}.tar.bz2
+#	               http://ftp.gnu.org/gnu/glibc/glibc-linuxthreads-${GLIBC_RELEASE_VER}.tar.bz2
+#	               http://ftp.gnu.org/gnu/glibc/glibc-libidn-${GLIBC_RELEASE_VER}.tar.bz2
+	GLIBC_SRC_URI="mirror://gnu/glibc/glibc-${GLIBC_RELEASE_VER}.tar.bz2
+	               mirror://gnu/glibc/glibc-ports-${GLIBC_RELEASE_VER}.tar.bz2
+	               mirror://gnu/glibc/glibc-libidn-${GLIBC_RELEASE_VER}.tar.bz2"
+
+	if [[ -n ${BRANCH_UPDATE} ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-${GLIBC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-${GLIBC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2}"
+	fi
+
+	if [[ -n ${PATCH_VER} ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2}"
+	fi
+
+	if [[ ${GLIBC_MANPAGE_VERSION} != "none" ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-manpages-${GLIBC_MANPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-manpages-${GLIBC_MANPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2}"
+	fi
+
+	if [[ ${GLIBC_INFOPAGE_VERSION} != "none" ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-infopages-${GLIBC_INFOPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-infopages-${GLIBC_INFOPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2}"
+	fi
+
+	[[ -n ${LT_VER} ]] && GLIBC_SRC_URI="${GLIBC_SRC_URI} ${LT_URI}"
+
+	GLIBC_SRC_URI="${GLIBC_SRC_URI} ${PPC_CPU_ADDON_URI}"
+
+	echo "${GLIBC_SRC_URI}"
+}
+
+SRC_URI=$(get_glibc_src_uri)
+S=${WORKDIR}/glibc-${GLIBC_RELEASE_VER}
+
+### EXPORTED FUNCTIONS ###
+unpack_addon() {
+	local addon=$1 ver=${2:-${GLIBC_RELEASE_VER}}
+	unpack glibc-${addon}-${ver}.tar.bz2
+	mv glibc-${addon}-${ver} ${addon} || die
+}
+toolchain-glibc_src_unpack() {
+	# Check NPTL support _before_ we unpack things to save some time
+	want_nptl && check_nptl_support
+
+	unpack glibc-${GLIBC_RELEASE_VER}.tar.bz2
+
+	cd "${S}"
+	if [[ -n ${LT_VER} ]] ; then
+		unpack ${LT_TARBALL}
+		mv glibc-linuxthreads-${LT_VER}/* . || die
+	fi
+	unpack_addon libidn
+	unpack_addon ports
+
+	if [[ -n ${PPC_CPU_ADDON_TARBALL} ]] ; then
+		cd "${S}"
+		unpack ${PPC_CPU_ADDON_TARBALL}
+	fi
+
+	if [[ -n ${PATCH_VER} ]] ; then
+		cd "${WORKDIR}"
+		unpack glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2
+		# pull out all the addons
+		local d
+		for d in extra/*/configure ; do
+			mv "${d%/configure}" "${S}" || die "moving ${d}"
+		done
+	fi
+
+	# XXX: We should do the branchupdate, before extracting the manpages and
+	# infopages else it does not help much (mtimes change if there is a change
+	# to them with branchupdate)
+	if [[ -n ${BRANCH_UPDATE} ]] ; then
+		cd "${S}"
+		epatch "${DISTDIR}"/glibc-${GLIBC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+
+		# Snapshot date patch
+		einfo "Patching version to display snapshot date ..."
+		sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h
+	fi
+
+	if [[ ${GLIBC_MANPAGE_VERSION} != "none" ]] ; then
+		cd "${WORKDIR}"
+		unpack glibc-manpages-${GLIBC_MANPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+	fi
+
+	if [[ ${GLIBC_INFOPAGE_VERSION} != "none" ]] ; then
+		cd "${S}"
+		unpack glibc-infopages-${GLIBC_INFOPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+	fi
+
+	if [[ -n ${PATCH_VER} ]] ; then
+		cd "${S}"
+		EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-${PATCH_VER} ..." \
+		EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \
+		EPATCH_SUFFIX="patch" \
+		ARCH=$(tc-arch) \
+		epatch "${WORKDIR}"/patches
+
+		# tag, glibc is it
+		[[ -e csu/Banner ]] && die "need new banner location"
+		echo "Gentoo patchset ${PATCH_VER}" > csu/Banner
+	fi
+
+	einfo "Patching to make test failures clear, and to run all of them."
+	epatch ${FILESDIR}/2.4/glibc-2.4-testfailobvious.patch
+
+	einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+	epatch ${FILESDIR}/2.4/glibc-2.4-hardened-pie.patch
+
+	if use hardened; then
+		einfo "Installing Hardened Gentoo SSP handler"
+		cp -f ${FILESDIR}/2.4/glibc-2.4-gentoo-stack_chk_fail.c \
+			${S}/debug/stack_chk_fail.c
+
+		if use debug; then
+			# When using Hardened Gentoo stack handler, have smashes dump core for
+			# analysis - debug only, as core could be an information leak
+			# (paranoia).
+			sed -i -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+				${S}/debug/Makefile ||
+				die "Failed to modify debug/Makefile for debug stack handler"
+		fi
+	fi
+
+	gnuconfig_update
+}
+
+toolchain-glibc_src_compile() {
+	echo
+	local v
+	for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CFLAGS ; do
+		einfo " $(printf '%15s' ${v}:)   ${!v}"
+	done
+	echo
+
+	if want_linuxthreads ; then
+		glibc_do_configure linuxthreads
+		einfo "Building GLIBC with linuxthreads..."
+		make PARALLELMFLAGS="${MAKEOPTS}" || die "make for ${ABI} failed"
+	fi
+	if want_nptl ; then
+		# ... and then do the optional nptl build
+		unset LD_ASSUME_KERNEL
+		glibc_do_configure nptl
+		einfo "Building GLIBC with NPTL..."
+		make PARALLELMFLAGS="${MAKEOPTS}" || die "make for ${ABI} failed"
+	fi
+}
+
+toolchain-glibc_headers_compile() {
+	local GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-headers
+	mkdir -p "${GBUILDDIR}"
+	cd "${GBUILDDIR}"
+
+	# Pick out the correct location for build headers
+	local myconf="--disable-sanity-checks --enable-hacker-mode"
+	myconf="${myconf}
+		--enable-add-ons=nptl,ports
+		--without-cvs
+		--enable-bind-now
+		--build=${CBUILD_OPT:-${CBUILD}}
+		--host=${CTARGET_OPT:-${CTARGET}}
+		--with-headers=$(alt_build_headers)
+		--prefix=/usr
+		${EXTRA_ECONF}"
+
+	einfo "Configuring GLIBC headers with: ${myconf// /\n\t\t}"
+	CC=gcc \
+	CFLAGS="-O1 -pipe" \
+	"${S}"/configure ${myconf} || die "failed to configure glibc"
+}
+
+toolchain-glibc_src_test() {
+	cd "${WORKDIR}"/build-${ABI}-${CTARGET}-$1 || die "cd build-${ABI}-${CTARGET}-$1"
+	unset LD_ASSUME_KERNEL
+	# Don't force bind-now on test programs (some test that lazy binding works)
+	gcc-specs-now && append-ldflags "-nonow"
+	make check || ewarn "make check failed for ${ABI}-${CTARGET}-$1"
+}
+
+toolchain-glibc_pkg_preinst() {
+	# PPC64+others may want to eventually be added to this logic if they
+	# decide to be multilib compatible and FHS compliant. note that this
+	# chunk of FHS compliance only applies to 64bit archs where 32bit
+	# compatibility is a major concern (not IA64, for example).
+
+	# amd64's 2005.0 is the first amd64 profile to not need this code.
+	# 2005.0 is setup properly, and this is executed as part of the
+	# 2004.3 -> 2005.0 upgrade script.
+	# It can be removed after 2004.3 has been purged from portage.
+	{ use amd64 || use ppc64; } && [ "$(get_libdir)" == "lib64" ] && ! has_multilib_profile && fix_lib64_symlinks
+
+	# it appears that /lib/tls is sometimes not removed. See bug
+	# 69258 for more info.
+	if [[ -d ${ROOT}/$(alt_libdir)/tls ]] && ! { want_nptl && want_linuxthreads; }; then
+		addwrite "${ROOT}"/$(alt_libdir)/
+		ewarn "nptlonly or -nptl in USE, removing /${ROOT}$(alt_libdir)/tls..."
+		rm -r "${ROOT}"/$(alt_libdir)/tls || die
+	fi
+
+	# Shouldnt need to keep this updated
+	[[ -e ${ROOT}/etc/locale.gen ]] && rm -f "${D}"/etc/locale.gen
+}
+
+toolchain-glibc_src_install() {
+	# These should not be set, else the
+	# zoneinfo do not always get installed ...
+	unset LANGUAGE LANG LC_ALL
+
+	local GBUILDDIR
+	if want_linuxthreads ; then
+		GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-linuxthreads
+	else
+		GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-nptl
+	fi
+
+	local install_root=${D}
+	if is_crosscompile ; then
+		install_root="${install_root}/usr/${CTARGET}"
+	fi
+	if want_linuxthreads ; then
+		cd "${WORKDIR}"/build-${ABI}-${CTARGET}-linuxthreads
+		einfo "Installing GLIBC ${ABI} with linuxthreads ..."
+		make PARALLELMFLAGS="${MAKEOPTS} -j1" \
+			install_root="${install_root}" \
+			install || die
+	else # nptlonly
+		cd "${WORKDIR}"/build-${ABI}-${CTARGET}-nptl
+		einfo "Installing GLIBC ${ABI} with NPTL ..."
+		make PARALLELMFLAGS="${MAKEOPTS} -j1" \
+			install_root="${install_root}" \
+			install || die
+	fi
+
+	if is_crosscompile ; then
+		# punt all the junk not needed by a cross-compiler
+		cd "${D}"/usr/${CTARGET} || die
+		rm -rf ./{,usr/}{bin,etc,sbin,share} ./{,usr/}*/{gconv,misc}
+	fi
+
+	if want_linuxthreads && want_nptl ; then
+		einfo "Installing NPTL to $(alt_libdir)/tls/..."
+		cd "${WORKDIR}"/build-${ABI}-${CTARGET}-nptl
+		dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl
+
+		local l src_lib
+		for l in libc libm librt libpthread libthread_db ; do
+			# take care of shared lib first ...
+			l=${l}.so
+			if [[ -e ${l} ]] ; then
+				src_lib=${l}
+			else
+				src_lib=$(eval echo */${l})
+			fi
+			cp -a ${src_lib} "${D}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}"
+			fperms a+rx $(alt_libdir)/tls/${l}
+			dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib})
+
+			# then grab the linker script or the symlink ...
+			if [[ -L ${D}$(alt_usrlibdir)/${l} ]] ; then
+				dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l}
+			else
+				sed \
+					-e "s:/${l}:/tls/${l}:g" \
+					-e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \
+					"${D}"$(alt_usrlibdir)/${l} > "${D}"$(alt_usrlibdir)/nptl/${l}
+			fi
+
+			# then grab the static lib ...
+			src_lib=${src_lib/%.so/.a}
+			[[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a}
+			cp -a ${src_lib} "${D}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
+			src_lib=${src_lib/%.a/_nonshared.a}
+			if [[ -e ${src_lib} ]] ; then
+				cp -a ${src_lib} "${D}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
+			fi
+		done
+
+		# use the nptl linker instead of the linuxthreads one as the linuxthreads
+		# one may lack TLS support and that can be really bad for business
+		cp -a elf/ld.so "${D}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp"
+	fi
+
+	# We'll take care of the cache ourselves
+	rm -f "${D}"/etc/ld.so.cache
+
+	# Some things want this, notably ash.
+	dosym libbsd-compat.a $(alt_usrlibdir)/libbsd.a
+
+	# Handle includes for different ABIs
+	prep_ml_includes $(alt_headers)
+
+	# When cross-compiling for a non-multilib setup, make sure we have
+	# lib and a proper symlink setup
+	if is_crosscompile && ! use multilib && ! has_multilib_profile && [[ $(get_libdir) != "lib" ]] ; then
+		cd "${D}"$(alt_libdir)/..
+		mv $(get_libdir) lib || die
+		ln -s lib $(get_libdir) || die
+		cd "${D}"$(alt_usrlibdir)/..
+		mv $(get_libdir) lib || die
+		ln -s lib $(get_libdir) || die
+	fi
+
+	#################################################################
+	# EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY #
+	# Make sure we install some symlink hacks so that when we build
+	# a 2nd stage cross-compiler, gcc finds the target system
+	# headers correctly.  See gcc/doc/gccinstall.info
+	if is_crosscompile ; then
+		dosym usr/include /usr/${CTARGET}/sys-include
+		return 0
+	fi
+
+	# Everything past this point just needs to be done once ...
+	is_final_abi || return 0
+
+	# Make sure the non-native interp can be found on multilib systems
+	if has_multilib_profile ; then
+		case $(tc-arch) in
+			amd64)
+				[[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR amd64) /lib
+				dosym /$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2
+				;;
+			ppc64)
+				[[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR ppc64) /lib
+				dosym /$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1
+				;;
+		esac
+	fi
+
+	# Files for Debian-style locale updating
+	dodir /usr/share/i18n
+	sed \
+		-e "/^#/d" \
+		-e "/SUPPORTED-LOCALES=/d" \
+		-e "s: \\\\::g" -e "s:/: :g" \
+		"${S}"/localedata/SUPPORTED > "${D}"/usr/share/i18n/SUPPORTED \
+		|| die "generating /usr/share/i18n/SUPPORTED failed"
+	cd "${WORKDIR}"/extra/locale
+	dosbin locale-gen || die
+	doman *.[0-8]
+	insinto /etc
+	doins locale.gen || die
+
+	# Make sure all the ABI's can find the locales and so we only
+	# have to generate one set
+	local a
+	keepdir /usr/$(get_libdir)/locale
+	for a in $(get_install_abis) ; do
+		if [[ ! -e ${D}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then
+			dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale
+		fi
+	done
+
+	if ! has noinfo ${FEATURES} && [[ ${GLIBC_INFOPAGE_VERSION} != "none" ]] ; then
+		einfo "Installing info pages..."
+
+		make \
+			-C "${GBUILDDIR}" \
+			PARALLELMFLAGS="${MAKEOPTS} -j1" \
+			install_root="${install_root}" \
+			info -i || die
+	fi
+
+	if [[ ${GLIBC_MANPAGE_VERSION} != "none" ]] ; then
+		einfo "Installing man pages..."
+
+		# Install linuxthreads man pages even if nptl is enabled
+		cd "${WORKDIR}"/man
+		doman *.3thr
+	fi
+
+	# Install misc network config files
+	insinto /etc
+	doins "${WORKDIR}"/extra/etc/*.conf || die
+	doinitd "${WORKDIR}"/extra/etc/nscd || die
+
+	cd "${S}"
+	dodoc BUGS ChangeLog* CONFORMANCE FAQ INTERFACE NEWS NOTES PROJECTS README*
+
+	# Prevent overwriting of the /etc/localtime symlink.  We'll handle the
+	# creation of the "factory" symlink in pkg_postinst().
+	rm -f "${D}"/etc/localtime
+
+	# simple test to make sure our new glibc isnt completely broken.
+	# for now, skip the multilib scenario.  also make sure we don't
+	# test with statically built binaries since they will fail.
+	[[ ${CBUILD} != ${CHOST} ]] && return 0
+	[[ $(get_libdir) != "lib" ]] && return 0
+	for x in date env ls true uname ; do
+		x=$(type -p ${x})
+		[[ -z ${x} ]] && continue
+		striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null)
+		[[ -z ${striptest} ]] && continue
+		[[ ${striptest} == *"statically linked"* ]] && continue
+		"${D}"/$(get_libdir)/ld-*.so \
+			--library-path "${D}"/$(get_libdir) \
+			${x} > /dev/null \
+			|| die "simple run test (${x}) failed"
+	done
+}
+
+toolchain-glibc_headers_install() {
+	local GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-headers
+	cd "${GBUILDDIR}"
+	make install_root="${D}/usr/${CTARGET}" install-headers || die "install-headers failed"
+	# Copy over headers that are not part of install-headers ... these
+	# are pretty much taken verbatim from crosstool, see it for more details
+	insinto $(alt_headers)/bits
+	doins misc/syscall-list.h bits/stdio_lim.h || die "doins include bits"
+	insinto $(alt_headers)/gnu
+	doins "${S}"/include/gnu/stubs.h || die "doins include gnu"
+	# Make sure we install the sys-include symlink so that when 
+	# we build a 2nd stage cross-compiler, gcc finds the target 
+	# system headers correctly.  See gcc/doc/gccinstall.info
+	dosym usr/include /usr/${CTARGET}/sys-include
+}
+
+toolchain-glibc_pkg_postinst() {
+	# Mixing nptlonly and -nptlonly glibc can prove dangerous if libpthread
+	# isn't removed in unmerge which happens sometimes.  See bug #87671
+	if ! is_crosscompile && want_linuxthreads && [[ ${ROOT} == "/" ]] ; then
+		for libdir in $(get_all_libdirs) ; do
+			for f in "${ROOT}"/${libdir}/libpthread-2.* "${ROOT}"/${libdir}/libpthread-0.6* ; do
+				if [[ -f ${f} ]] ; then
+					rm -f ${f}
+					ldconfig
+				fi
+			done
+		done
+	fi
+
+	if ! tc-is-cross-compiler && [[ -x ${ROOT}/usr/sbin/iconvconfig ]] ; then
+		# Generate fastloading iconv module configuration file.
+		"${ROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
+	fi
+
+	if [[ ! -e ${ROOT}/lib/ld.so.1 ]] && use ppc64 && ! has_multilib_profile ; then
+		## SHOULDN'T THIS BE lib64??
+		ln -s ld64.so.1 "${ROOT}"/lib/ld.so.1
+	fi
+
+	if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
+		# Reload init ...
+		/sbin/telinit U &> /dev/null
+
+		# if the host locales.gen contains no entries, we'll install everything
+		local locale_list="${ROOT}etc/locale.gen"
+		if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then
+			ewarn "Generating all locales; edit /etc/locale.gen to save time/space"
+			locale_list="${ROOT}usr/share/i18n/SUPPORTED"
+		fi
+		local x jobs
+		for x in ${MAKEOPTS} ; do [[ ${x} == -j* ]] && jobs=${x#-j} ; done
+		locale-gen -j ${jobs:-1} --config "${locale_list}"
+	fi
+
+	echo
+	einfo "Gentoo's glibc no longer includes mdns."
+	einfo "If you want mdns, emerge the sys-auth/nss-mdns package."
+	echo
+
+	if want_nptl && want_linuxthreads ; then
+		einfo "The default behavior of glibc on your system is to use NPTL.  If"
+		einfo "you want to use linuxthreads for a particular program, start it"
+		einfo "by executing 'LD_ASSUME_KERNEL=${LT_KERNEL_VERSION} <program> [<options>]'"
+		echo
+	fi
+}
+
+### SUPPORT FUNCTIONS ###
+# We need to be able to set alternative headers for
+# compiling for non-native platform
+# Will also become useful for testing kernel-headers without screwing up
+# the whole system.
+# note: intentionally undocumented.
+alt_headers() {
+	if [[ -z ${ALT_HEADERS} ]] ; then
+		if is_crosscompile ; then
+			ALT_HEADERS="/usr/${CTARGET}/usr/include"
+		else
+			ALT_HEADERS="/usr/include"
+		fi
+	fi
+	echo "${ALT_HEADERS}"
+}
+alt_build_headers() {
+	if [[ -z ${ALT_BUILD_HEADERS} ]] ; then
+		ALT_BUILD_HEADERS=$(alt_headers)
+		tc-is-cross-compiler && ALT_BUILD_HEADERS=${ROOT}$(alt_headers)
+	fi
+	echo "${ALT_BUILD_HEADERS}"
+}
+
+alt_libdir() {
+	if is_crosscompile ; then
+		echo /usr/${CTARGET}/$(get_libdir)
+	else
+		echo /$(get_libdir)
+	fi
+}
+
+alt_usrlibdir() {
+	if is_crosscompile ; then
+		echo /usr/${CTARGET}/usr/$(get_libdir)
+	else
+		echo /usr/$(get_libdir)
+	fi
+}
+
+setup_flags() {
+	# Make sure host make.conf doesn't pollute us
+	if is_crosscompile || tc-is-cross-compiler ; then
+		CHOST=${CTARGET} strip-unsupported-flags
+	fi
+
+	# Store our CFLAGS because it's changed depending on which CTARGET
+	# we are building when pulling glibc on a multilib profile
+	CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}}
+	CFLAGS=${CFLAGS_BASE}
+	CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}}
+	CXXFLAGS=${CXXFLAGS_BASE}
+	ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}}
+	ASFLAGS=${ASFLAGS_BASE}
+
+	# Over-zealous CFLAGS can often cause problems.  What may work for one
+	# person may not work for another.  To avoid a large influx of bugs
+	# relating to failed builds, we strip most CFLAGS out to ensure as few
+	# problems as possible.
+	strip-flags
+	strip-unsupported-flags
+	filter-flags -m32 -m64 -mabi=*
+
+	unset CBUILD_OPT CTARGET_OPT
+	if has_multilib_profile ; then
+		CTARGET_OPT=$(get_abi_CTARGET)
+		[[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST)
+	fi
+
+	case $(tc-arch) in
+		amd64)
+			# Punt this when amd64's 2004.3 is removed
+			CFLAGS_x86="-m32"
+		;;
+		ppc)
+			append-flags "-freorder-blocks"
+		;;
+		sparc)
+			# Both sparc and sparc64 can use -fcall-used-g6.  -g7 is bad, though.
+			filter-flags "-fcall-used-g7"
+			append-flags "-fcall-used-g6"
+			filter-flags "-mvis"
+
+			if is_crosscompile || [[ ${PROFILE_ARCH} == "sparc64" ]] || { has_multilib_profile && ! tc-is-cross-compiler; } ; then
+				case ${ABI} in
+					sparc64)
+						filter-flags -Wa,-xarch -Wa,-A
+
+						if is-flag "-mcpu=ultrasparc3"; then
+							CTARGET_OPT="sparc64b-unknown-linux-gnu"
+							append-flags "-Wa,-xarch=v9b"
+							export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9b"
+						else
+							CTARGET_OPT="sparc64-unknown-linux-gnu"
+							append-flags "-Wa,-xarch=v9a"
+							export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9a"
+						fi
+					;;
+					*)
+						if is-flag "-mcpu=ultrasparc3"; then
+							CTARGET_OPT="sparcv9b-unknown-linux-gnu"
+						else
+							CTARGET_OPT="sparcv9-unknown-linux-gnu"
+						fi
+					;;
+				esac
+			else
+				if is-flag "-mcpu=ultrasparc3"; then
+					CTARGET_OPT="sparcv9b-unknown-linux-gnu"
+				elif { is_crosscompile && want_nptl; } || is-flag "-mcpu=ultrasparc2" || is-flag "-mcpu=ultrasparc"; then
+					CTARGET_OPT="sparcv9-unknown-linux-gnu"
+				fi
+			fi
+		;;
+	esac
+
+	if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then
+		CBUILD_OPT=${CTARGET_OPT}
+	fi
+
+	if $(tc-getCC ${CTARGET}) -v 2>&1 | grep -q 'gcc version 3.[0123]'; then
+		append-flags -finline-limit=2000
+	fi
+
+	# Lock glibc at -O2 -- linuxthreads needs it and we want to be
+	# conservative here.  -fno-strict-aliasing is to work around #155906
+	filter-flags -O?
+	append-flags -O2 -fno-strict-aliasing
+
+	# building glibc with SSP is fraught with difficulty, especially
+	# due to __stack_chk_fail_local which would mean significant changes
+	# to the glibc build process. See bug #94325
+	filter-flags -fstack-protector
+
+	# Don't let the compiler automatically build PIEs unless USE=hardened.
+	#use hardened || filter-flags -fPIE
+	# Don't build glibc itself with PIE - otherwise you get broken crt*
+	# files, and PIE objects in libc.a and friends which isn't useful.
+	filter-flags -fPIE
+}
+
+check_kheader_version() {
+	local header="$(alt_build_headers)/linux/version.h"
+
+	[[ -z $1 ]] && return 1
+
+	if [[ -f ${header} ]] ; then
+		local version=$(grep 'LINUX_VERSION_CODE' ${header} | \
+			sed -e 's:^.*LINUX_VERSION_CODE[[:space:]]*::')
+
+		if [[ ${version} -ge "$1" ]] ; then
+			return 0
+		fi
+	fi
+
+	return 1
+}
+
+check_nptl_support() {
+	local min_kernel_version=$(KV_to_int "${NPTL_KERNEL_VERSION}")
+
+	echo
+
+	ebegin "Checking gcc for __thread support"
+	if ! eend $(want__thread) ; then
+		echo
+		eerror "Could not find a gcc that supports the __thread directive!"
+		eerror "Please update your binutils/gcc and try again."
+		die "No __thread support in gcc!"
+	fi
+
+	if ! is_crosscompile && ! tc-is-cross-compiler ; then
+		# Building fails on an non-supporting kernel
+		ebegin "Checking kernel version (>=${NPTL_KERNEL_VERSION})"
+		if ! eend $([[ $(get_KV) -ge ${min_kernel_version} ]]) ; then
+			echo
+			eerror "You need a kernel of at least version ${NPTL_KERNEL_VERSION}"
+			eerror "for NPTL support!"
+			die "Kernel version too low!"
+		fi
+	fi
+
+	# Building fails with too low linux-headers
+	ebegin "Checking linux-headers version (>=${NPTL_KERNEL_VERSION})"
+	if ! eend $(check_kheader_version "${min_kernel_version}") ; then
+		echo
+		eerror "You need linux-headers of at least version ${NPTL_KERNEL_VERSION}"
+		eerror "for NPTL support!"
+		die "linux-headers version too low!"
+	fi
+
+	echo
+}
+
+want_nptl() {
+	want_tls || return 1
+	use nptl || return 1
+
+	# Only list the arches that cannot do NPTL
+	case $(tc-arch) in
+		hppa|m68k) return 1;;
+		sparc)
+			# >= v9 is needed for nptl.
+			[[ ${PROFILE_ARCH} == "sparc" ]] && return 1
+		;;
+	esac
+
+	return 0
+}
+
+want_linuxthreads() {
+	! use nptlonly && return 0
+	want_nptl || return 0
+	return 1
+}
+
+want_tls() {
+	# Archs that can use TLS (Thread Local Storage)
+	case $(tc-arch) in
+		sparc)
+			# 2.3.6 should have tls support on sparc64
+			# when using newer binutils
+			case ${CTARGET/-*} in
+				sparc64*) return 1 ;;
+				*) return 0 ;;
+			esac
+		;;
+		x86)
+			# requires i486 or better #106556
+			[[ ${CTARGET} == i[4567]86* ]] && return 0
+			return 1
+		;;
+	esac
+
+	return 0
+}
+
+want__thread() {
+	want_tls || return 1
+
+	# For some reason --with-tls --with__thread is causing segfaults on sparc32.
+	[[ ${PROFILE_ARCH} == "sparc" ]] && return 1
+
+	[[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD}
+
+	echo 'extern __thread int i;' > "${T}"/test-__thread.c
+	$(tc-getCC ${CTARGET}) -c "${T}"/test-__thread.c -o "${T}"/test-__thread.o &> /dev/null
+	WANT__THREAD=$?
+	rm -f "${T}"/test-__thread.[co]
+
+	return ${WANT__THREAD}
+}
+
+glibc_do_configure() {
+	local myconf
+
+	# set addons
+	pushd "${S}" > /dev/null
+	local ADDONS=$(echo */configure | sed \
+		-e 's:/configure::g' \
+		-e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \
+		-e 's: \+$::' \
+		-e 's! !,!g' \
+		-e 's!^!,!' \
+		-e '/^,\*$/d')
+	popd > /dev/null
+
+	if [[ -n ${PPC_CPU_ADDON_VER} ]] && [[ $(tc-arch) == ppc* ]] ; then
+		ADDONS="${ADDONS},powerpc-cpu"
+		case $(get-flag mcpu) in
+			970|power4|power5|power5+) myconf="${myconf} --with-cpu=$(get-flag mcpu)"
+		esac
+	fi
+
+	use nls || myconf="${myconf} --disable-nls"
+	myconf="${myconf} $(use_enable hardened stackguard-randomization)"
+	if [[ $(<"${S}"/.ssp.compat) == "yes" ]] ; then
+		myconf="${myconf} --enable-old-ssp-compat"
+	else
+		myconf="${myconf} --disable-old-ssp-compat"
+	fi
+
+	use glibc-omitfp && myconf="${myconf} --enable-omitfp"
+
+	[[ ${CTARGET//_/-} == *-softfloat-* ]] && myconf="${myconf} --without-fp"
+
+	if [[ $1 == "linuxthreads" ]] ; then
+		if want_tls ; then
+			myconf="${myconf} --with-tls"
+
+			if ! want__thread || use glibc-compat20 || [[ ${LT_KERNEL_VERSION} == 2.[02].* ]] ; then
+				myconf="${myconf} --without-__thread"
+			else
+				myconf="${myconf} --with-__thread"
+			fi
+		else
+			myconf="${myconf} --without-tls --without-__thread"
+		fi
+
+		myconf="${myconf} --disable-sanity-checks"
+		myconf="${myconf} --enable-add-ons=ports,linuxthreads${ADDONS}"
+		myconf="${myconf} --enable-kernel=${LT_KERNEL_VERSION}"
+	elif [[ $1 == "nptl" ]] ; then
+		myconf="${myconf} --with-tls --with-__thread"
+		myconf="${myconf} --enable-add-ons=ports,nptl${ADDONS}"
+		myconf="${myconf} --enable-kernel=${NPTL_KERNEL_VERSION}"
+	else
+		die "invalid pthread option"
+	fi
+
+	# Since SELinux support is only required for nscd, only enable it if:
+	# 1. USE selinux
+	# 2. ! USE build
+	# 3. only for the primary ABI on multilib systems
+	if use selinux && ! use build ; then
+		if use multilib || has_multilib_profile ; then
+			if is_final_abi ; then
+				myconf="${myconf} --with-selinux"
+			else
+				myconf="${myconf} --without-selinux"
+			fi
+		else
+			myconf="${myconf} --with-selinux"
+		fi
+	else
+		myconf="${myconf} --without-selinux"
+	fi
+
+	myconf="${myconf}
+		--without-cvs
+		--enable-bind-now
+		--build=${CBUILD_OPT:-${CBUILD}}
+		--host=${CTARGET_OPT:-${CTARGET}}
+		$(use_enable profile)
+		--without-gd
+		--with-headers=$(alt_build_headers)
+		--prefix=/usr
+		--libdir=/usr/$(get_libdir)
+		--mandir=/usr/share/man
+		--infodir=/usr/share/info
+		--libexecdir=/usr/$(get_libdir)/misc/glibc
+		${EXTRA_ECONF}"
+
+	# There is no configure option for this and we need to export it
+	# since the glibc build will re-run configure on itself
+	export libc_cv_slibdir=/$(get_libdir)
+
+	has_version app-admin/eselect-compiler || export CC=$(tc-getCC ${CTARGET})
+
+	local GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-$1
+	mkdir -p "${GBUILDDIR}"
+	cd "${GBUILDDIR}"
+	einfo "Configuring GLIBC for $1 with: ${myconf// /\n\t\t}"
+	"${S}"/configure ${myconf} || die "failed to configure glibc"
+}
+
+fix_lib64_symlinks() {
+	# the original Gentoo/AMD64 devs decided that since 64bit is the native
+	# bitdepth for AMD64, lib should be used for 64bit libraries. however,
+	# this ignores the FHS and breaks multilib horribly... especially
+	# since it wont even work without a lib64 symlink anyways. *rolls eyes*
+	# see bug 59710 for more information.
+	# Travis Tilley <lv@gentoo.org> (08 Aug 2004)
+	if [ -L ${ROOT}/lib64 ] ; then
+		ewarn "removing /lib64 symlink and moving lib to lib64..."
+		ewarn "dont hit ctrl-c until this is done"
+		addwrite ${ROOT}/
+		rm ${ROOT}/lib64
+		# now that lib64 is gone, nothing will run without calling ld.so
+		# directly. luckily the window of brokenness is almost non-existant
+		use amd64 && /lib/ld-linux-x86-64.so.2 /bin/mv ${ROOT}/lib ${ROOT}/lib64
+		use ppc64 && /lib/ld64.so.1 /bin/mv ${ROOT}/lib ${ROOT}/lib64
+		# all better :)
+		ldconfig
+		ln -s lib64 ${ROOT}/lib
+		einfo "done! :-)"
+		einfo "fixed broken lib64/lib symlink in ${ROOT}"
+	fi
+	if [ -L ${ROOT}/usr/lib64 ] ; then
+		addwrite ${ROOT}/usr
+		rm ${ROOT}/usr/lib64
+		mv ${ROOT}/usr/lib ${ROOT}/usr/lib64
+		ln -s lib64 ${ROOT}/usr/lib
+		einfo "fixed broken lib64/lib symlink in ${ROOT}/usr"
+	fi
+	if [ -L ${ROOT}/usr/X11R6/lib64 ] ; then
+		addwrite ${ROOT}/usr/X11R6
+		rm ${ROOT}/usr/X11R6/lib64
+		mv ${ROOT}/usr/X11R6/lib ${ROOT}/usr/X11R6/lib64
+		ln -s lib64 ${ROOT}/usr/X11R6/lib
+		einfo "fixed broken lib64/lib symlink in ${ROOT}/usr/X11R6"
+	fi
+}
+
+use_multilib() {
+	case ${CTARGET} in
+		sparc64*|mips64*|x86_64*|powerpc64*|s390x*)
+			has_multilib_profile || use multilib ;;
+		*)  false ;;
+	esac
+}
+
+# Setup toolchain variables that would be defined in the profiles for these archs.
+setup_env() {
+	# These should not be set, else the zoneinfo do not always get installed ...
+	unset LANGUAGE LANG LC_ALL
+	# silly users
+	unset LD_RUN_PATH
+
+	if is_crosscompile || tc-is-cross-compiler ; then
+		multilib_env ${CTARGET}
+		if ! use multilib ; then
+			MULTILIB_ABIS=${DEFAULT_ABI}
+		else
+			MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}}
+		fi
+
+		# If the user has CFLAGS_<CTARGET> in their make.conf, use that,
+		# and fall back on CFLAGS.
+		local VAR=CFLAGS_${CTARGET//[-.]/_}
+		CFLAGS=${!VAR-${CFLAGS}}
+	fi
+
+	setup_flags
+
+	export ABI=${ABI:-${DEFAULT_ABI:-default}}
+
+	if is_crosscompile || tc-is-cross-compiler ; then
+		local VAR=CFLAGS_${ABI}
+		# We need to export CFLAGS with abi information in them because
+		# glibc's configure script checks CFLAGS for some targets (like mips)
+		export CFLAGS="${!VAR} ${CFLAGS}"
+	fi
+}
+
+### /ECLASS PUNTAGE ###
+
+if is_crosscompile ; then
+	SLOT="${CTARGET}-2.2"
+else
+	SLOT="2.2"
+fi
+
+# we'll handle stripping ourself #46186
+RESTRICT="nostrip multilib-pkg-force"
+
+# General: We need a new-enough binutils for as-needed
+# arch: we need to make sure our binutils/gcc supports TLS
+DEPEND=">=sys-devel/gcc-3.4.4
+	arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 )
+	ppc? ( >=sys-devel/gcc-4.1.0 )
+	ppc64? ( >=sys-devel/gcc-4.1.0 )
+	nptl? ( || ( >=sys-kernel/mips-headers-${NPTL_KERNEL_VERSION} >=sys-kernel/linux-headers-${NPTL_KERNEL_VERSION} ) )
+	>=sys-devel/binutils-2.15.94
+	|| ( >=sys-devel/gcc-config-1.3.12 app-admin/eselect-compiler )
+	>=app-misc/pax-utils-0.1.10
+	virtual/os-headers
+	nls? ( sys-devel/gettext )
+	selinux? ( !build? ( sys-libs/libselinux ) )"
+RDEPEND="nls? ( sys-devel/gettext )
+	selinux? ( !build? ( sys-libs/libselinux ) )"
+
+if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+	DEPEND="${DEPEND} ${CATEGORY}/gcc"
+
+	if [[ ${CATEGORY} == *-linux* ]] ; then
+		if [[ ${CATEGORY} == cross-mips* ]] ; then
+			DEPEND="${DEPEND} >=${CATEGORY}/mips-headers-2.6.10"
+		else
+			DEPEND="${DEPEND} ${CATEGORY}/linux-headers"
+		fi
+	fi
+else
+	DEPEND="${DEPEND} sys-libs/timezone-data"
+	RDEPEND="${RDEPEND} sys-libs/timezone-data"
+fi
+
+pkg_setup() {
+	# prevent native builds from downgrading ... maybe update to allow people
+	# to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2)
+	if ! is_crosscompile && ! tc-is-cross-compiler ; then
+		if has_version '>'${CATEGORY}/${PF} ; then
+			eerror "Sanity check to keep you from breaking your system:"
+			eerror " Downgrading glibc is not supported and a sure way to destruction"
+			die "aborting to save your system"
+		fi
+	fi
+
+	if use glibc-compat20 ; then
+		eerror "This version no longer provides compatibility with old broken"
+		eerror "applications.  If you need this support, call your vendor"
+		eerror "and tell them to release an update that isn't broken."
+		die "non-TLS symbol errno@glibc_2.0 not supported"
+	fi
+	if want_linuxthreads ; then
+		ewarn "glibc-2.4 is nptl-only!"
+		[[ ${CTARGET} == i386-* ]] && eerror "NPTL requires a CHOST of i486 or better"
+		die "please add USE='nptl nptlonly' to make.conf"
+	fi
+
+	if use nptlonly && ! use nptl ; then
+		eerror "If you want nptlonly, add nptl to your USE too ;p"
+		die "nptlonly without nptl"
+	fi
+
+	if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
+		ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
+		ewarn "This will result in a 50% performance penalty, which is probably not what you want."
+	fi
+
+	if ! type -p scanelf > /dev/null ; then
+		eerror "You do not have pax-utils installed."
+		die "install pax-utils"
+	fi
+
+	# give some sort of warning about the nptl logic changes...
+	if want_nptl && want_linuxthreads ; then
+		ewarn "Warning! Gentoo's GLIBC with NPTL enabled now behaves like the"
+		ewarn "glibc from almost every other distribution out there. This means"
+		ewarn "that glibc is compiled -twice-, once with linuxthreads and once"
+		ewarn "with nptl. The NPTL version is installed to lib/tls and is still"
+		ewarn "used by default. If you do not need nor want the linuxthreads"
+		ewarn "fallback, you can disable this behavior by adding nptlonly to"
+		ewarn "USE to save yourself some compile time."
+
+		ebeep
+		epause 5
+	fi
+}
+
+src_unpack() {
+	setup_env
+
+	toolchain-glibc_src_unpack
+
+	# Backwards SSP support
+	cd "${S}"
+# For now, we force everyone to have the extra symbols
+#	einfon "Scanning system for __guard to see if we need SSP compat ... "
+#	if [[ -n $(scanelf -qyls__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then
+		echo "yes" > "${S}"/.ssp.compat
+#	else
+#		# ok, a quick scan didnt find it, so lets do a deep scan ...
+#		if [[ -n $(scanelf -qyRlps__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then
+#			echo "yes" > "${T}"/.ssp.compat
+#		else
+#			echo "no" > "${T}"/.ssp.compat
+#		fi
+#	fi
+#	cat "${T}"/.ssp.compat
+
+	# Glibc is stupid sometimes, and doesn't realize that with a
+	# static C-Only gcc, -lgcc_eh doesn't exist.
+	# http://sources.redhat.com/ml/libc-alpha/2003-09/msg00100.html
+	# http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
+	echo 'int main(){}' > "${T}"/gcc_eh_test.c
+	if ! $(tc-getCC ${CTARGET}) "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then
+		sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh"
+	fi
+
+	# Some configure checks fail on the first emerge through because they
+	# try to link.  This doesn't work well if we don't have a libc yet.
+	# http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
+	if is_crosscompile && use build; then
+		rm "${S}"/sysdeps/sparc/sparc64/elf/configure{,.in}
+		rm "${S}"/nptl/sysdeps/pthread/configure{,.in}
+	fi
+
+	cd "${WORKDIR}"
+	find . -type f '(' -size 0 -o -name "*.orig" ')' -exec rm -f {} \;
+	find . -name configure -exec touch {} \;
+
+	# Fix permissions on some of the scripts
+	chmod u+x "${S}"/scripts/*.sh
+}
+
+src_compile() {
+	setup_env
+
+	if [[ -z ${OABI} ]] ; then
+		local abilist=""
+		if has_multilib_profile ; then
+			abilist=$(get_install_abis)
+			einfo "Building multilib glibc for ABIs: ${abilist}"
+		elif is_crosscompile || tc-is-cross-compiler ; then
+			abilist=${DEFAULT_ABI}
+		fi
+		if [[ -n ${abilist} ]] ; then
+			OABI=${ABI}
+			for ABI in ${abilist} ; do
+				export ABI
+				src_compile
+			done
+			ABI=${OABI}
+			unset OABI
+			return 0
+		fi
+	fi
+
+	if just_headers ; then
+		toolchain-glibc_headers_compile
+	else
+		toolchain-glibc_src_compile
+	fi
+}
+
+src_test() {
+	setup_env
+
+	if [[ -z ${OABI} ]] && has_multilib_profile ; then
+		OABI=${ABI}
+		einfo "Testing multilib glibc for ABIs: $(get_install_abis)"
+		for ABI in $(get_install_abis) ; do
+			export ABI
+			einfo "   Testing ${ABI} glibc"
+			src_test
+		done
+		ABI=${OABI}
+		unset OABI
+		return 0
+	fi
+
+	want_linuxthreads && toolchain-glibc_src_test linuxthreads
+	want_nptl && toolchain-glibc_src_test nptl
+}
+
+src_strip() {
+	# Now, strip everything but the thread libs #46186, as well as the dynamic
+	# linker, else we cannot set breakpoints in shared libraries due to bugs in
+	# gdb.  Also want to grab stuff in tls subdir.  whee.
+#when new portage supports this ...
+#	env \
+#		-uRESTRICT \
+#		CHOST=${CTARGET} \
+#		STRIP_MASK="/*/{,tls/}{ld-,lib{pthread,thread_db}}*" \
+#		prepallstrip
+	pushd "${D}" > /dev/null
+
+	if ! is_crosscompile ; then
+		mkdir -p "${T}"/strip-backup
+		for x in $(find "${D}" -maxdepth 3 \
+		           '(' -name 'ld-*' -o -name 'libpthread*' -o -name 'libthread_db*' ')' \
+		           -a '(' '!' -name '*.a' ')' -type f -printf '%P ')
+		do
+			mkdir -p "${T}/strip-backup/${x%/*}"
+			cp -a -- "${D}/${x}" "${T}/strip-backup/${x}" || die "backing up ${x}"
+		done
+	fi
+	env -uRESTRICT CHOST=${CTARGET} prepallstrip
+	if ! is_crosscompile ; then
+		cp -a -- "${T}"/strip-backup/* "${D}"/ || die "restoring non-stripped libs"
+	fi
+
+	popd > /dev/null
+}
+
+src_install() {
+	setup_env
+
+	if [[ -z ${OABI} ]] ; then
+		local abilist=""
+		if has_multilib_profile ; then
+			abilist=$(get_install_abis)
+			einfo "Installing multilib glibc for ABIs: ${abilist}"
+		elif is_crosscompile || tc-is-cross-compiler ; then
+			abilist=${DEFAULT_ABI}
+		fi
+		if [[ -n ${abilist} ]] ; then
+			OABI=${ABI}
+			for ABI in ${abilist} ; do
+				export ABI
+				src_install
+			done
+			ABI=${OABI}
+			unset OABI
+			src_strip
+			return 0
+		fi
+	fi
+
+	if just_headers ; then
+		toolchain-glibc_headers_install
+	else
+		toolchain-glibc_src_install
+	fi
+	[[ -z ${OABI} ]] && src_strip
+}
+
+pkg_preinst() {
+	toolchain-glibc_pkg_preinst
+}
+
+pkg_postinst() {
+	toolchain-glibc_pkg_postinst
+}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/glibc-2.5.ebuild b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/glibc-2.5.ebuild
new file mode 100644
index 0000000..ae28828
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/sys-libs/glibc/glibc-2.5.ebuild
@@ -0,0 +1,1244 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5.ebuild,v 1.17 2006/12/03 19:54:20 vapier Exp $
+
+# Here's how the cross-compile logic breaks down ...
+#  CTARGET - machine that will target the binaries
+#  CHOST   - machine that will host the binaries
+#  CBUILD  - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+#  CBUILD = CHOST = CTARGET    - native build/install
+#  CBUILD != (CHOST = CTARGET) - cross-compile a native build
+#  (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+#  CBUILD != CHOST != CTARGET  - cross-compile a libc for a cross-compiler
+# For install paths:
+#  CHOST = CTARGET  - install into /
+#  CHOST != CTARGET - install into /usr/CTARGET/
+
+KEYWORDS="-* ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86"
+
+BRANCH_UPDATE=""
+
+# Generated man pages
+GLIBC_MANPAGE_VERSION="none"
+
+# Generated stuff in manual subdir
+GLIBC_INFOPAGE_VERSION="none"
+
+# Gentoo patchset
+PATCH_VER="1.3"
+
+GENTOO_TOOLCHAIN_BASE_URI="mirror://gentoo"
+GENTOO_TOOLCHAIN_DEV_URI="http://dev.gentoo.org/~azarah/glibc/XXX http://dev.gentoo.org/~vapier/dist/XXX"
+
+### PUNT OUT TO ECLASS?? ###
+inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+LICENSE="LGPL-2"
+
+IUSE="nls build nptl nptlonly hardened multilib selinux glibc-omitfp profile glibc-compat20 debug"
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+	if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+		export CTARGET=${CATEGORY/cross-}
+	fi
+fi
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+	PROVIDE="virtual/libc"
+fi
+
+is_crosscompile() {
+	[[ ${CHOST} != ${CTARGET} ]]
+}
+just_headers() {
+	is_crosscompile && use crosscompile_opts_headers-only
+}
+
+GLIBC_RELEASE_VER=$(get_version_component_range 1-3)
+
+# Don't set this to :-, - allows BRANCH_UPDATE=""
+BRANCH_UPDATE=${BRANCH_UPDATE-$(get_version_component_range 4)}
+GLIBC_PORTS_VER=${GLIBC_RELEASE_VER}
+#GLIBC_PORTS_VER="20060925"
+GLIBC_LT_VER=${GLIBC_RELEASE_VER}
+#GLIBC_LT_VER="20060605"
+
+# (Recent snapshots fails with 2.6.5 and earlier with NPTL)
+NPTL_KERNEL_VERSION=${NPTL_KERNEL_VERSION:-"2.6.9"}
+LT_KERNEL_VERSION=${LT_KERNEL_VERSION:-"2.4.1"}
+
+### SRC_URI ###
+
+# This function handles the basics of setting the SRC_URI for a glibc ebuild.
+# To use, set SRC_URI with:
+#
+#	SRC_URI="$(get_glibc_src_uri)"
+#
+# Other than the variables normally set by portage, this function's behavior
+# can be altered by setting the following:
+#
+#	GENTOO_TOOLCHAIN_BASE_URI
+#			This sets the base URI for all gentoo-specific patch files. Note
+#			that this variable is only important for a brief period of time,
+#			before your source files get picked up by mirrors. However, it is
+#			still highly suggested that you keep files in this location
+#			available.
+#
+#	BRANCH_UPDATE
+#			If set, this variable signals that we should be using the main
+#			release tarball (determined by ebuild version) and applying a
+#			CVS branch update patch against it. The location of this branch
+#			update patch is assumed to be in ${GENTOO_TOOLCHAIN_BASE_URI}.
+#			Just like with SNAPSHOT, this variable is ignored if the ebuild
+#			has a _pre suffix.
+#
+#	PATCH_VER
+#	PATCH_GLIBC_VER
+#			This should be set to the version of the gentoo patch tarball.
+#			The resulting filename of this tarball will be:
+#			glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2
+#
+#	GLIBC_MANPAGE_VERSION
+#	GLIBC_INFOPAGE_VERSION
+#			The version of glibc for which we will download pages. This will
+#			default to ${GLIBC_RELEASE_VER}, but we may not want to pre-generate man pages
+#			for prerelease test ebuilds for example. This allows you to
+#			continue using pre-generated manpages from the last stable release.
+#			If set to "none", this will prevent the downloading of manpages,
+#			which is useful for individual library targets.
+#
+get_glibc_src_uri() {
+	GENTOO_TOOLCHAIN_BASE_URI=${GENTOO_TOOLCHAIN_BASE_URI:-"mirror://gentoo"}
+
+	GLIBC_SRC_URI="mirror://gnu/glibc/glibc-${GLIBC_RELEASE_VER}.tar.bz2
+	               mirror://gnu/glibc/glibc-ports-${GLIBC_PORTS_VER}.tar.bz2
+	               ftp://sources.redhat.com/pub/glibc/snapshots/glibc-ports-${GLIBC_PORTS_VER}.tar.bz2
+	               mirror://gnu/glibc/glibc-libidn-${GLIBC_RELEASE_VER}.tar.bz2"
+
+	if [[ -n ${BRANCH_UPDATE} ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-${GLIBC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-${GLIBC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2}"
+	fi
+
+	if [[ -n ${PATCH_VER} ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2}"
+	fi
+
+	if [[ ${GLIBC_MANPAGE_VERSION} != "none" ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-manpages-${GLIBC_MANPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-manpages-${GLIBC_MANPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2}"
+	fi
+
+	if [[ ${GLIBC_INFOPAGE_VERSION} != "none" ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			${GENTOO_TOOLCHAIN_BASE_URI}/glibc-infopages-${GLIBC_INFOPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+			${GENTOO_TOOLCHAIN_DEV_URI//XXX/glibc-infopages-${GLIBC_INFOPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2}"
+	fi
+
+	if [[ -n ${GLIBC_LT_VER} ]] ; then
+		GLIBC_SRC_URI="${GLIBC_SRC_URI}
+			mirror://gnu/glibc/glibc-linuxthreads-${GLIBC_LT_VER}.tar.bz2
+			ftp://sources.redhat.com/pub/glibc/snapshots/glibc-linuxthreads-${GLIBC_LT_VER}.tar.bz2"
+	fi
+
+	echo "${GLIBC_SRC_URI}"
+}
+
+SRC_URI=$(get_glibc_src_uri)
+S=${WORKDIR}/glibc-${GLIBC_RELEASE_VER}
+
+### EXPORTED FUNCTIONS ###
+unpack_addon() {
+	local addon=$1 ver=${2:-${GLIBC_RELEASE_VER}}
+	unpack glibc-${addon}-${ver}.tar.bz2
+	mv glibc-${addon}-${ver} ${addon} || die
+}
+toolchain-glibc_src_unpack() {
+	# Check NPTL support _before_ we unpack things to save some time
+	want_nptl && check_nptl_support
+
+	unpack glibc-${GLIBC_RELEASE_VER}.tar.bz2
+
+	cd "${S}"
+	[[ -n ${GLIBC_LT_VER} ]] && unpack glibc-linuxthreads-${GLIBC_LT_VER}.tar.bz2
+	unpack_addon libidn
+	unpack_addon ports ${GLIBC_PORTS_VER}
+
+	if [[ -n ${PATCH_VER} ]] ; then
+		cd "${WORKDIR}"
+		unpack glibc-${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-patches-${PATCH_VER}.tar.bz2
+		# pull out all the addons
+		local d
+		for d in extra/*/configure ; do
+			mv "${d%/configure}" "${S}" || die "moving ${d}"
+		done
+	fi
+
+	# XXX: We should do the branchupdate, before extracting the manpages and
+	# infopages else it does not help much (mtimes change if there is a change
+	# to them with branchupdate)
+	if [[ -n ${BRANCH_UPDATE} ]] ; then
+		cd "${S}"
+		epatch "${DISTDIR}"/glibc-${GLIBC_RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+
+		# Snapshot date patch
+		einfo "Patching version to display snapshot date ..."
+		sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h
+	fi
+
+	if [[ ${GLIBC_MANPAGE_VERSION} != "none" ]] ; then
+		cd "${WORKDIR}"
+		unpack glibc-manpages-${GLIBC_MANPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+	fi
+
+	if [[ ${GLIBC_INFOPAGE_VERSION} != "none" ]] ; then
+		cd "${S}"
+		unpack glibc-infopages-${GLIBC_INFOPAGE_VERSION:-${GLIBC_RELEASE_VER}}.tar.bz2
+	fi
+
+	if [[ -n ${PATCH_VER} ]] ; then
+		cd "${S}"
+		EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${PATCH_GLIBC_VER:-${GLIBC_RELEASE_VER}}-${PATCH_VER} ..." \
+		EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \
+		EPATCH_SUFFIX="patch" \
+		ARCH=$(tc-arch) \
+		epatch "${WORKDIR}"/patches
+
+		# tag, glibc is it
+		[[ -e csu/Banner ]] && die "need new banner location"
+		echo "Gentoo patchset ${PATCH_VER}" > csu/Banner
+	fi
+
+	einfo "Patching to make test failures clear, and to run all of them."
+	epatch ${FILESDIR}/2.4/glibc-2.4-testfailobvious.patch
+
+	einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+	epatch ${FILESDIR}/2.4/glibc-2.4-hardened-pie.patch
+
+	if use hardened; then
+		einfo "Installing Hardened Gentoo SSP handler"
+		cp -f ${FILESDIR}/2.4/glibc-2.4-gentoo-stack_chk_fail.c \
+			${S}/debug/stack_chk_fail.c
+
+		if use debug; then
+			# When using Hardened Gentoo stack handler, have smashes dump core for
+			# analysis - debug only, as core could be an information leak
+			# (paranoia).
+			sed -i -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+				${S}/debug/Makefile ||
+				die "Failed to modify debug/Makefile for debug stack handler"
+		fi
+
+		# Build nscd with ssp-all
+		sed -e -i 's:-fstack-protector$:-fstack-protector-all:' ${S}/nscd/Makefile
+	fi
+
+	gnuconfig_update
+}
+
+toolchain-glibc_src_compile() {
+	echo
+	local v
+	for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CFLAGS ; do
+		einfo " $(printf '%15s' ${v}:)   ${!v}"
+	done
+	echo
+
+	if want_linuxthreads ; then
+		glibc_do_configure linuxthreads
+		einfo "Building GLIBC with linuxthreads..."
+		make PARALLELMFLAGS="${MAKEOPTS}" || die "make for ${ABI} failed"
+	fi
+	if want_nptl ; then
+		# ... and then do the optional nptl build
+		unset LD_ASSUME_KERNEL
+		glibc_do_configure nptl
+		einfo "Building GLIBC with NPTL..."
+		make PARALLELMFLAGS="${MAKEOPTS}" || die "make for ${ABI} failed"
+	fi
+}
+
+toolchain-glibc_headers_compile() {
+	local GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-headers
+	mkdir -p "${GBUILDDIR}"
+	cd "${GBUILDDIR}"
+
+	# Pick out the correct location for build headers
+	local myconf="--disable-sanity-checks --enable-hacker-mode"
+	myconf="${myconf}
+		--enable-add-ons=nptl,ports
+		--without-cvs
+		--enable-bind-now
+		--build=${CBUILD_OPT:-${CBUILD}}
+		--host=${CTARGET_OPT:-${CTARGET}}
+		--with-headers=$(alt_build_headers)
+		--prefix=/usr
+		${EXTRA_ECONF}"
+
+	einfo "Configuring GLIBC headers with: ${myconf// /\n\t\t}"
+	CC=gcc \
+	CFLAGS="-O1 -pipe" \
+	"${S}"/configure ${myconf} || die "failed to configure glibc"
+}
+
+toolchain-glibc_src_test() {
+	cd "${WORKDIR}"/build-${ABI}-${CTARGET}-$1 || die "cd build-${ABI}-${CTARGET}-$1"
+	unset LD_ASSUME_KERNEL
+	# Don't force bind-now on test programs (some test that lazy binding works)
+	gcc-specs-now && append-ldflags "-nonow"
+	make check || ewarn "make check failed for ${ABI}-${CTARGET}-$1"
+}
+
+toolchain-glibc_pkg_preinst() {
+	# PPC64+others may want to eventually be added to this logic if they
+	# decide to be multilib compatible and FHS compliant. note that this
+	# chunk of FHS compliance only applies to 64bit archs where 32bit
+	# compatibility is a major concern (not IA64, for example).
+
+	# amd64's 2005.0 is the first amd64 profile to not need this code.
+	# 2005.0 is setup properly, and this is executed as part of the
+	# 2004.3 -> 2005.0 upgrade script.
+	# It can be removed after 2004.3 has been purged from portage.
+	{ use amd64 || use ppc64; } && [ "$(get_libdir)" == "lib64" ] && ! has_multilib_profile && fix_lib64_symlinks
+
+	# it appears that /lib/tls is sometimes not removed. See bug
+	# 69258 for more info.
+	if [[ -d ${ROOT}/$(alt_libdir)/tls ]] && ! { want_nptl && want_linuxthreads; }; then
+		addwrite "${ROOT}"/$(alt_libdir)/
+		ewarn "nptlonly or -nptl in USE, removing /${ROOT}$(alt_libdir)/tls..."
+		rm -r "${ROOT}"/$(alt_libdir)/tls || die
+	fi
+
+	# Shouldnt need to keep this updated
+	[[ -e ${ROOT}/etc/locale.gen ]] && rm -f "${D}"/etc/locale.gen
+}
+
+toolchain-glibc_src_install() {
+	# These should not be set, else the
+	# zoneinfo do not always get installed ...
+	unset LANGUAGE LANG LC_ALL
+
+	local GBUILDDIR
+	if want_linuxthreads ; then
+		GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-linuxthreads
+	else
+		GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-nptl
+	fi
+
+	local install_root=${D}
+	is_crosscompile && install_root="${install_root}/usr/${CTARGET}"
+	if want_linuxthreads ; then
+		cd "${WORKDIR}"/build-${ABI}-${CTARGET}-linuxthreads
+		einfo "Installing GLIBC ${ABI} with linuxthreads ..."
+		make PARALLELMFLAGS="${MAKEOPTS}" \
+			install_root="${install_root}" \
+			install || die
+	else # nptlonly
+		cd "${WORKDIR}"/build-${ABI}-${CTARGET}-nptl
+		einfo "Installing GLIBC ${ABI} with NPTL ..."
+		make PARALLELMFLAGS="${MAKEOPTS}" \
+			install_root="${install_root}" \
+			install || die
+	fi
+
+	if is_crosscompile ; then
+		# punt all the junk not needed by a cross-compiler
+		cd "${D}"/usr/${CTARGET} || die
+		rm -rf ./{,usr/}{bin,etc,sbin,share} ./{,usr/}*/{gconv,misc}
+	fi
+
+	if want_linuxthreads && want_nptl ; then
+		einfo "Installing NPTL to $(alt_libdir)/tls/..."
+		cd "${WORKDIR}"/build-${ABI}-${CTARGET}-nptl
+		dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl
+
+		local l src_lib
+		for l in libc libm librt libpthread libthread_db ; do
+			# take care of shared lib first ...
+			l=${l}.so
+			if [[ -e ${l} ]] ; then
+				src_lib=${l}
+			else
+				src_lib=$(eval echo */${l})
+			fi
+			cp -a ${src_lib} "${D}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}"
+			fperms a+rx $(alt_libdir)/tls/${l}
+			dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib})
+
+			# then grab the linker script or the symlink ...
+			if [[ -L ${D}$(alt_usrlibdir)/${l} ]] ; then
+				dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l}
+			else
+				sed \
+					-e "s:/${l}:/tls/${l}:g" \
+					-e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \
+					"${D}"$(alt_usrlibdir)/${l} > "${D}"$(alt_usrlibdir)/nptl/${l}
+			fi
+
+			# then grab the static lib ...
+			src_lib=${src_lib/%.so/.a}
+			[[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a}
+			cp -a ${src_lib} "${D}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
+			src_lib=${src_lib/%.a/_nonshared.a}
+			if [[ -e ${src_lib} ]] ; then
+				cp -a ${src_lib} "${D}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
+			fi
+		done
+
+		# use the nptl linker instead of the linuxthreads one as the linuxthreads
+		# one may lack TLS support and that can be really bad for business
+		cp -a elf/ld.so "${D}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp"
+	fi
+
+	# We'll take care of the cache ourselves
+	rm -f "${D}"/etc/ld.so.cache
+
+	# Some things want this, notably ash.
+	dosym libbsd-compat.a $(alt_usrlibdir)/libbsd.a
+
+	# Handle includes for different ABIs
+	prep_ml_includes $(alt_headers)
+
+	# When cross-compiling for a non-multilib setup, make sure we have
+	# lib and a proper symlink setup
+	if is_crosscompile && ! use multilib && ! has_multilib_profile && [[ $(get_libdir) != "lib" ]] ; then
+		cd "${D}"$(alt_libdir)/..
+		mv $(get_libdir) lib || die
+		ln -s lib $(get_libdir) || die
+		cd "${D}"$(alt_usrlibdir)/..
+		mv $(get_libdir) lib || die
+		ln -s lib $(get_libdir) || die
+	fi
+
+	#################################################################
+	# EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY #
+	# Make sure we install some symlink hacks so that when we build
+	# a 2nd stage cross-compiler, gcc finds the target system
+	# headers correctly.  See gcc/doc/gccinstall.info
+	if is_crosscompile ; then
+		dosym usr/include /usr/${CTARGET}/sys-include
+		return 0
+	fi
+
+	# Everything past this point just needs to be done once ...
+	is_final_abi || return 0
+
+	# Make sure the non-native interp can be found on multilib systems
+	if has_multilib_profile ; then
+		case $(tc-arch) in
+			amd64)
+				[[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR amd64) /lib
+				dosym /$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2
+				;;
+			ppc64)
+				[[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR ppc64) /lib
+				dosym /$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1
+				;;
+		esac
+	fi
+
+	# Files for Debian-style locale updating
+	dodir /usr/share/i18n
+	sed \
+		-e "/^#/d" \
+		-e "/SUPPORTED-LOCALES=/d" \
+		-e "s: \\\\::g" -e "s:/: :g" \
+		"${S}"/localedata/SUPPORTED > "${D}"/usr/share/i18n/SUPPORTED \
+		|| die "generating /usr/share/i18n/SUPPORTED failed"
+	cd "${WORKDIR}"/extra/locale
+	dosbin locale-gen || die
+	doman *.[0-8]
+	insinto /etc
+	doins locale.gen || die
+
+	# Make sure all the ABI's can find the locales and so we only
+	# have to generate one set
+	local a
+	keepdir /usr/$(get_libdir)/locale
+	for a in $(get_install_abis) ; do
+		if [[ ! -e ${D}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then
+			dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale
+		fi
+	done
+
+	if ! has noinfo ${FEATURES} && [[ ${GLIBC_INFOPAGE_VERSION} != "none" ]] ; then
+		einfo "Installing info pages..."
+
+		make \
+			-C "${GBUILDDIR}" \
+			PARALLELMFLAGS="${MAKEOPTS} -j1" \
+			install_root="${install_root}" \
+			info -i || die
+	fi
+
+	if [[ ${GLIBC_MANPAGE_VERSION} != "none" ]] ; then
+		einfo "Installing man pages..."
+
+		# Install linuxthreads man pages even if nptl is enabled
+		cd "${WORKDIR}"/man
+		doman *.3thr
+	fi
+
+	# Install misc network config files
+	insinto /etc
+	doins "${WORKDIR}"/extra/etc/*.conf || die
+	doinitd "${WORKDIR}"/extra/etc/nscd || die
+
+	cd "${S}"
+	dodoc BUGS ChangeLog* CONFORMANCE FAQ INTERFACE NEWS NOTES PROJECTS README*
+
+	# Prevent overwriting of the /etc/localtime symlink.  We'll handle the
+	# creation of the "factory" symlink in pkg_postinst().
+	rm -f "${D}"/etc/localtime
+
+	# simple test to make sure our new glibc isnt completely broken.
+	# for now, skip the multilib scenario.  also make sure we don't
+	# test with statically built binaries since they will fail.
+	[[ ${CBUILD} != ${CHOST} ]] && return 0
+	[[ $(get_libdir) != "lib" ]] && return 0
+	for x in date env ls true uname ; do
+		x=$(type -p ${x})
+		[[ -z ${x} ]] && continue
+		striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null)
+		[[ -z ${striptest} ]] && continue
+		[[ ${striptest} == *"statically linked"* ]] && continue
+		"${D}"/$(get_libdir)/ld-*.so \
+			--library-path "${D}"/$(get_libdir) \
+			${x} > /dev/null \
+			|| die "simple run test (${x}) failed"
+	done
+}
+
+toolchain-glibc_headers_install() {
+	local GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-headers
+	cd "${GBUILDDIR}"
+	make install_root="${D}/usr/${CTARGET}" install-headers || die "install-headers failed"
+	# Copy over headers that are not part of install-headers ... these
+	# are pretty much taken verbatim from crosstool, see it for more details
+	insinto $(alt_headers)/bits
+	doins misc/syscall-list.h bits/stdio_lim.h || die "doins include bits"
+	insinto $(alt_headers)/gnu
+	doins "${S}"/include/gnu/stubs.h || die "doins include gnu"
+	# Make sure we install the sys-include symlink so that when 
+	# we build a 2nd stage cross-compiler, gcc finds the target 
+	# system headers correctly.  See gcc/doc/gccinstall.info
+	dosym usr/include /usr/${CTARGET}/sys-include
+}
+
+toolchain-glibc_pkg_postinst() {
+	# Mixing nptlonly and -nptlonly glibc can prove dangerous if libpthread
+	# isn't removed in unmerge which happens sometimes.  See bug #87671
+	if ! is_crosscompile && want_linuxthreads && [[ ${ROOT} == "/" ]] ; then
+		for libdir in $(get_all_libdirs) ; do
+			for f in "${ROOT}"/${libdir}/libpthread-2.* "${ROOT}"/${libdir}/libpthread-0.6* ; do
+				if [[ -f ${f} ]] ; then
+					rm -f ${f}
+					ldconfig
+				fi
+			done
+		done
+	fi
+
+	if ! tc-is-cross-compiler && [[ -x ${ROOT}/usr/sbin/iconvconfig ]] ; then
+		# Generate fastloading iconv module configuration file.
+		"${ROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
+	fi
+
+	if [[ ! -e ${ROOT}/lib/ld.so.1 ]] && use ppc64 && ! has_multilib_profile ; then
+		## SHOULDN'T THIS BE lib64??
+		ln -s ld64.so.1 "${ROOT}"/lib/ld.so.1
+	fi
+
+	if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
+		# Reload init ...
+		/sbin/telinit U &> /dev/null
+
+		# if the host locales.gen contains no entries, we'll install everything
+		local locale_list="${ROOT}etc/locale.gen"
+		if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then
+			ewarn "Generating all locales; edit /etc/locale.gen to save time/space"
+			locale_list="${ROOT}usr/share/i18n/SUPPORTED"
+		fi
+		local x jobs
+		for x in ${MAKEOPTS} ; do [[ ${x} == -j* ]] && jobs=${x#-j} ; done
+		locale-gen -j ${jobs:-1} --config "${locale_list}"
+	fi
+
+	echo
+	einfo "Gentoo's glibc no longer includes mdns."
+	einfo "If you want mdns, emerge the sys-auth/nss-mdns package."
+	echo
+
+	if want_nptl && want_linuxthreads ; then
+		einfo "The default behavior of glibc on your system is to use NPTL.  If"
+		einfo "you want to use linuxthreads for a particular program, start it"
+		einfo "by executing 'LD_ASSUME_KERNEL=${LT_KERNEL_VERSION} <program> [<options>]'"
+		echo
+	fi
+}
+
+### SUPPORT FUNCTIONS ###
+# We need to be able to set alternative headers for
+# compiling for non-native platform
+# Will also become useful for testing kernel-headers without screwing up
+# the whole system.
+# note: intentionally undocumented.
+alt_headers() {
+	if [[ -z ${ALT_HEADERS} ]] ; then
+		if is_crosscompile ; then
+			ALT_HEADERS="/usr/${CTARGET}/usr/include"
+		else
+			ALT_HEADERS="/usr/include"
+		fi
+	fi
+	echo "${ALT_HEADERS}"
+}
+alt_build_headers() {
+	if [[ -z ${ALT_BUILD_HEADERS} ]] ; then
+		ALT_BUILD_HEADERS=$(alt_headers)
+		tc-is-cross-compiler && ALT_BUILD_HEADERS=${ROOT}$(alt_headers)
+	fi
+	echo "${ALT_BUILD_HEADERS}"
+}
+
+alt_libdir() {
+	if is_crosscompile ; then
+		echo /usr/${CTARGET}/$(get_libdir)
+	else
+		echo /$(get_libdir)
+	fi
+}
+
+alt_usrlibdir() {
+	if is_crosscompile ; then
+		echo /usr/${CTARGET}/usr/$(get_libdir)
+	else
+		echo /usr/$(get_libdir)
+	fi
+}
+
+setup_flags() {
+	# Make sure host make.conf doesn't pollute us
+	if is_crosscompile || tc-is-cross-compiler ; then
+		CHOST=${CTARGET} strip-unsupported-flags
+	fi
+
+	# Store our CFLAGS because it's changed depending on which CTARGET
+	# we are building when pulling glibc on a multilib profile
+	CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}}
+	CFLAGS=${CFLAGS_BASE}
+	CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}}
+	CXXFLAGS=${CXXFLAGS_BASE}
+	ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}}
+	ASFLAGS=${ASFLAGS_BASE}
+
+	# Over-zealous CFLAGS can often cause problems.  What may work for one
+	# person may not work for another.  To avoid a large influx of bugs
+	# relating to failed builds, we strip most CFLAGS out to ensure as few
+	# problems as possible.
+	strip-flags
+	strip-unsupported-flags
+	filter-flags -m32 -m64 -mabi=*
+
+	unset CBUILD_OPT CTARGET_OPT
+	if has_multilib_profile ; then
+		CTARGET_OPT=$(get_abi_CTARGET)
+		[[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST)
+	fi
+
+	case $(tc-arch) in
+		amd64)
+			# Punt this when amd64's 2004.3 is removed
+			CFLAGS_x86="-m32"
+		;;
+		ppc)
+			append-flags "-freorder-blocks"
+		;;
+		sparc)
+			# Both sparc and sparc64 can use -fcall-used-g6.  -g7 is bad, though.
+			filter-flags "-fcall-used-g7"
+			append-flags "-fcall-used-g6"
+			filter-flags "-mvis"
+
+			if is_crosscompile || [[ ${PROFILE_ARCH} == "sparc64" ]] || { has_multilib_profile && ! tc-is-cross-compiler; } ; then
+				case ${ABI} in
+					sparc64)
+						filter-flags -Wa,-xarch -Wa,-A
+
+						if is-flag "-mcpu=ultrasparc3"; then
+							CTARGET_OPT="sparc64b-unknown-linux-gnu"
+							append-flags "-Wa,-xarch=v9b"
+							export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9b"
+						else
+							CTARGET_OPT="sparc64-unknown-linux-gnu"
+							append-flags "-Wa,-xarch=v9a"
+							export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9a"
+						fi
+					;;
+					*)
+						if is-flag "-mcpu=ultrasparc3"; then
+							CTARGET_OPT="sparcv9b-unknown-linux-gnu"
+						else
+							CTARGET_OPT="sparcv9-unknown-linux-gnu"
+						fi
+					;;
+				esac
+			else
+				if is-flag "-mcpu=ultrasparc3"; then
+					CTARGET_OPT="sparcv9b-unknown-linux-gnu"
+				elif { is_crosscompile && want_nptl; } || is-flag "-mcpu=ultrasparc2" || is-flag "-mcpu=ultrasparc"; then
+					CTARGET_OPT="sparcv9-unknown-linux-gnu"
+				fi
+			fi
+		;;
+	esac
+
+	if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then
+		CBUILD_OPT=${CTARGET_OPT}
+	fi
+
+	if $(tc-getCC ${CTARGET}) -v 2>&1 | grep -q 'gcc version 3.[0123]'; then
+		append-flags -finline-limit=2000
+	fi
+
+	# Lock glibc at -O2 -- linuxthreads needs it and we want to be
+	# conservative here.  -fno-strict-aliasing is to work around #155906
+	filter-flags -O?
+	append-flags -O2 -fno-strict-aliasing
+
+	# building glibc with SSP is fraught with difficulty, especially
+	# due to __stack_chk_fail_local which would mean significant changes
+	# to the glibc build process. See bug #94325
+	filter-flags -fstack-protector
+
+	# Don't let the compiler automatically build PIEs unless USE=hardened.
+	use hardened || filter-flags -fPIE
+}
+
+check_kheader_version() {
+	local version=$(
+		printf '#include <linux/version.h>\nLINUX_VERSION_CODE\n' | \
+		$(tc-getCPP ${CTARGET}) -I "$(alt_build_headers)" | \
+		tail -n 1
+	)
+	[[ ${version} -ge "$1" ]]
+}
+
+check_nptl_support() {
+	local min_kernel_version=$(KV_to_int "${NPTL_KERNEL_VERSION}")
+
+	echo
+
+	ebegin "Checking gcc for __thread support"
+	if ! eend $(want__thread) ; then
+		echo
+		eerror "Could not find a gcc that supports the __thread directive!"
+		eerror "Please update your binutils/gcc and try again."
+		die "No __thread support in gcc!"
+	fi
+
+	if ! is_crosscompile && ! tc-is-cross-compiler ; then
+		# Building fails on an non-supporting kernel
+		ebegin "Checking kernel version (>=${NPTL_KERNEL_VERSION})"
+		if ! eend $([[ $(get_KV) -ge ${min_kernel_version} ]]) ; then
+			echo
+			eerror "You need a kernel of at least version ${NPTL_KERNEL_VERSION}"
+			eerror "for NPTL support!"
+			die "Kernel version too low!"
+		fi
+	fi
+
+	# Building fails with too low linux-headers
+	ebegin "Checking linux-headers version (>=${NPTL_KERNEL_VERSION})"
+	if ! eend $(check_kheader_version "${min_kernel_version}") ; then
+		echo
+		eerror "You need linux-headers of at least version ${NPTL_KERNEL_VERSION}"
+		eerror "for NPTL support!"
+		die "linux-headers version too low!"
+	fi
+
+	echo
+}
+
+want_nptl() {
+	want_tls || return 1
+	use nptl || return 1
+
+	# Only list the arches that cannot do NPTL
+	case $(tc-arch) in
+		hppa|m68k) return 1;;
+		sparc)
+			# >= v9 is needed for nptl.
+			[[ ${PROFILE_ARCH} == "sparc" ]] && return 1
+		;;
+	esac
+
+	return 0
+}
+
+want_linuxthreads() {
+	! use nptlonly && return 0
+	want_nptl || return 0
+	return 1
+}
+
+want_tls() {
+	# Archs that can use TLS (Thread Local Storage)
+	case $(tc-arch) in
+		sparc)
+			# 2.3.6 should have tls support on sparc64
+			# when using newer binutils
+			case ${CTARGET/-*} in
+				sparc64*) return 1 ;;
+				*) return 0 ;;
+			esac
+		;;
+		x86)
+			# requires i486 or better #106556
+			[[ ${CTARGET} == i[4567]86* ]] && return 0
+			return 1
+		;;
+	esac
+
+	return 0
+}
+
+want__thread() {
+	want_tls || return 1
+
+	# For some reason --with-tls --with__thread is causing segfaults on sparc32.
+	[[ ${PROFILE_ARCH} == "sparc" ]] && return 1
+
+	[[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD}
+
+	echo 'extern __thread int i;' > "${T}"/test-__thread.c
+	$(tc-getCC ${CTARGET}) -c "${T}"/test-__thread.c -o "${T}"/test-__thread.o &> /dev/null
+	WANT__THREAD=$?
+	rm -f "${T}"/test-__thread.[co]
+
+	return ${WANT__THREAD}
+}
+
+glibc_do_configure() {
+	local myconf
+
+	# set addons
+	pushd "${S}" > /dev/null
+	local ADDONS=$(echo */configure | sed \
+		-e 's:/configure::g' \
+		-e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \
+		-e 's: \+$::' \
+		-e 's! !,!g' \
+		-e 's!^!,!' \
+		-e '/^,\*$/d')
+	popd > /dev/null
+
+	use nls || myconf="${myconf} --disable-nls"
+	myconf="${myconf} $(use_enable hardened stackguard-randomization)"
+	if [[ $(<"${S}"/.ssp.compat) == "yes" ]] ; then
+		myconf="${myconf} --enable-old-ssp-compat"
+	else
+		myconf="${myconf} --disable-old-ssp-compat"
+	fi
+
+	use glibc-omitfp && myconf="${myconf} --enable-omitfp"
+
+	[[ ${CTARGET//_/-} == *-softfloat-* ]] && myconf="${myconf} --without-fp"
+
+	if [[ $1 == "linuxthreads" ]] ; then
+		if want_tls ; then
+			myconf="${myconf} --with-tls"
+
+			if ! want__thread || use glibc-compat20 || [[ ${LT_KERNEL_VERSION} == 2.[02].* ]] ; then
+				myconf="${myconf} --without-__thread"
+			else
+				myconf="${myconf} --with-__thread"
+			fi
+		else
+			myconf="${myconf} --without-tls --without-__thread"
+		fi
+
+		myconf="${myconf} --disable-sanity-checks"
+		myconf="${myconf} --enable-add-ons=ports,linuxthreads${ADDONS}"
+		myconf="${myconf} --enable-kernel=${LT_KERNEL_VERSION}"
+	elif [[ $1 == "nptl" ]] ; then
+		myconf="${myconf} --with-tls --with-__thread"
+		myconf="${myconf} --enable-add-ons=ports,nptl${ADDONS}"
+		myconf="${myconf} --enable-kernel=${NPTL_KERNEL_VERSION}"
+	else
+		die "invalid pthread option"
+	fi
+
+	# Since SELinux support is only required for nscd, only enable it if:
+	# 1. USE selinux
+	# 2. ! USE build
+	# 3. only for the primary ABI on multilib systems
+	if use selinux && ! use build ; then
+		if use multilib || has_multilib_profile ; then
+			if is_final_abi ; then
+				myconf="${myconf} --with-selinux"
+			else
+				myconf="${myconf} --without-selinux"
+			fi
+		else
+			myconf="${myconf} --with-selinux"
+		fi
+	else
+		myconf="${myconf} --without-selinux"
+	fi
+
+	myconf="${myconf}
+		--without-cvs
+		--enable-bind-now
+		--build=${CBUILD_OPT:-${CBUILD}}
+		--host=${CTARGET_OPT:-${CTARGET}}
+		$(use_enable profile)
+		--without-gd
+		--with-headers=$(alt_build_headers)
+		--prefix=/usr
+		--libdir=/usr/$(get_libdir)
+		--mandir=/usr/share/man
+		--infodir=/usr/share/info
+		--libexecdir=/usr/$(get_libdir)/misc/glibc
+		${EXTRA_ECONF}"
+
+	# There is no configure option for this and we need to export it
+	# since the glibc build will re-run configure on itself
+	export libc_cv_slibdir=/$(get_libdir)
+
+	has_version app-admin/eselect-compiler || export CC=$(tc-getCC ${CTARGET})
+
+	local GBUILDDIR=${WORKDIR}/build-${ABI}-${CTARGET}-$1
+	mkdir -p "${GBUILDDIR}"
+	cd "${GBUILDDIR}"
+	einfo "Configuring GLIBC for $1 with: ${myconf// /\n\t\t}"
+	"${S}"/configure ${myconf} || die "failed to configure glibc"
+}
+
+fix_lib64_symlinks() {
+	# the original Gentoo/AMD64 devs decided that since 64bit is the native
+	# bitdepth for AMD64, lib should be used for 64bit libraries. however,
+	# this ignores the FHS and breaks multilib horribly... especially
+	# since it wont even work without a lib64 symlink anyways. *rolls eyes*
+	# see bug 59710 for more information.
+	# Travis Tilley <lv@gentoo.org> (08 Aug 2004)
+	if [ -L ${ROOT}/lib64 ] ; then
+		ewarn "removing /lib64 symlink and moving lib to lib64..."
+		ewarn "dont hit ctrl-c until this is done"
+		addwrite ${ROOT}/
+		rm ${ROOT}/lib64
+		# now that lib64 is gone, nothing will run without calling ld.so
+		# directly. luckily the window of brokenness is almost non-existant
+		use amd64 && /lib/ld-linux-x86-64.so.2 /bin/mv ${ROOT}/lib ${ROOT}/lib64
+		use ppc64 && /lib/ld64.so.1 /bin/mv ${ROOT}/lib ${ROOT}/lib64
+		# all better :)
+		ldconfig
+		ln -s lib64 ${ROOT}/lib
+		einfo "done! :-)"
+		einfo "fixed broken lib64/lib symlink in ${ROOT}"
+	fi
+	if [ -L ${ROOT}/usr/lib64 ] ; then
+		addwrite ${ROOT}/usr
+		rm ${ROOT}/usr/lib64
+		mv ${ROOT}/usr/lib ${ROOT}/usr/lib64
+		ln -s lib64 ${ROOT}/usr/lib
+		einfo "fixed broken lib64/lib symlink in ${ROOT}/usr"
+	fi
+	if [ -L ${ROOT}/usr/X11R6/lib64 ] ; then
+		addwrite ${ROOT}/usr/X11R6
+		rm ${ROOT}/usr/X11R6/lib64
+		mv ${ROOT}/usr/X11R6/lib ${ROOT}/usr/X11R6/lib64
+		ln -s lib64 ${ROOT}/usr/X11R6/lib
+		einfo "fixed broken lib64/lib symlink in ${ROOT}/usr/X11R6"
+	fi
+}
+
+use_multilib() {
+	case ${CTARGET} in
+		sparc64*|mips64*|x86_64*|powerpc64*|s390x*)
+			has_multilib_profile || use multilib ;;
+		*)  false ;;
+	esac
+}
+
+# Setup toolchain variables that would be defined in the profiles for these archs.
+setup_env() {
+	# These should not be set, else the zoneinfo do not always get installed ...
+	unset LANGUAGE LANG LC_ALL
+	# silly users
+	unset LD_RUN_PATH
+
+	if is_crosscompile || tc-is-cross-compiler ; then
+		multilib_env ${CTARGET}
+		if ! use multilib ; then
+			MULTILIB_ABIS=${DEFAULT_ABI}
+		else
+			MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}}
+		fi
+
+		# If the user has CFLAGS_<CTARGET> in their make.conf, use that,
+		# and fall back on CFLAGS.
+		local VAR=CFLAGS_${CTARGET//[-.]/_}
+		CFLAGS=${!VAR-${CFLAGS}}
+	fi
+
+	setup_flags
+
+	export ABI=${ABI:-${DEFAULT_ABI:-default}}
+
+	if is_crosscompile || tc-is-cross-compiler ; then
+		local VAR=CFLAGS_${ABI}
+		# We need to export CFLAGS with abi information in them because
+		# glibc's configure script checks CFLAGS for some targets (like mips)
+		export CFLAGS="${!VAR} ${CFLAGS}"
+	fi
+}
+
+### /ECLASS PUNTAGE ###
+
+if is_crosscompile ; then
+	SLOT="${CTARGET}-2.2"
+else
+	SLOT="2.2"
+fi
+
+# we'll handle stripping ourself #46186
+RESTRICT="nostrip multilib-pkg-force"
+
+# General: We need a new-enough binutils for as-needed
+# arch: we need to make sure our binutils/gcc supports TLS
+DEPEND=">=sys-devel/gcc-3.4.4
+	arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 )
+	ppc? ( >=sys-devel/gcc-4.1.0 )
+	ppc64? ( >=sys-devel/gcc-4.1.0 )
+	nptl? ( || ( >=sys-kernel/mips-headers-${NPTL_KERNEL_VERSION} >=sys-kernel/linux-headers-${NPTL_KERNEL_VERSION} ) )
+	>=sys-devel/binutils-2.15.94
+	|| ( >=sys-devel/gcc-config-1.3.12 app-admin/eselect-compiler )
+	>=app-misc/pax-utils-0.1.10
+	virtual/os-headers
+	nls? ( sys-devel/gettext )
+	selinux? ( !build? ( sys-libs/libselinux ) )"
+RDEPEND="nls? ( sys-devel/gettext )
+	selinux? ( !build? ( sys-libs/libselinux ) )"
+
+if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then
+	DEPEND="${DEPEND} ${CATEGORY}/gcc"
+
+	if [[ ${CATEGORY} == *-linux* ]] ; then
+		if [[ ${CATEGORY} == cross-mips* ]] ; then
+			DEPEND="${DEPEND} >=${CATEGORY}/mips-headers-2.6.10"
+		else
+			DEPEND="${DEPEND} ${CATEGORY}/linux-headers"
+		fi
+	fi
+else
+	DEPEND="${DEPEND} sys-libs/timezone-data"
+	RDEPEND="${RDEPEND} sys-libs/timezone-data"
+fi
+
+pkg_setup() {
+	# prevent native builds from downgrading ... maybe update to allow people
+	# to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2)
+	if ! is_crosscompile && ! tc-is-cross-compiler ; then
+		if has_version '>'${CATEGORY}/${PF} ; then
+			eerror "Sanity check to keep you from breaking your system:"
+			eerror " Downgrading glibc is not supported and a sure way to destruction"
+			die "aborting to save your system"
+		fi
+	fi
+
+	if want_nptl && [[ ${CTARGET} == i386-* ]] ; then
+		eerror "NPTL requires a CHOST of i486 or better"
+		die "please fix your CHOST"
+	fi
+
+	if use nptlonly && ! use nptl ; then
+		eerror "If you want nptlonly, add nptl to your USE too ;p"
+		die "nptlonly without nptl"
+	fi
+
+	if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
+		ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
+		ewarn "This will result in a 50% performance penalty, which is probably not what you want."
+	fi
+
+	if ! type -p scanelf > /dev/null ; then
+		eerror "You do not have pax-utils installed."
+		die "install pax-utils"
+	fi
+}
+
+src_unpack() {
+	setup_env
+
+	toolchain-glibc_src_unpack
+
+	# Backwards SSP support
+	cd "${S}"
+# For now, we force everyone to have the extra symbols
+#	einfon "Scanning system for __guard to see if we need SSP compat ... "
+#	if [[ -n $(scanelf -qyls__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then
+		echo "yes" > "${S}"/.ssp.compat
+#	else
+#		# ok, a quick scan didnt find it, so lets do a deep scan ...
+#		if [[ -n $(scanelf -qyRlps__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then
+#			echo "yes" > "${T}"/.ssp.compat
+#		else
+#			echo "no" > "${T}"/.ssp.compat
+#		fi
+#	fi
+#	cat "${T}"/.ssp.compat
+
+	# Glibc is stupid sometimes, and doesn't realize that with a
+	# static C-Only gcc, -lgcc_eh doesn't exist.
+	# http://sources.redhat.com/ml/libc-alpha/2003-09/msg00100.html
+	# http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
+	echo 'int main(){}' > "${T}"/gcc_eh_test.c
+	if ! $(tc-getCC ${CTARGET}) "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then
+		sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh"
+	fi
+
+	# Some configure checks fail on the first emerge through because they
+	# try to link.  This doesn't work well if we don't have a libc yet.
+	# http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
+	if is_crosscompile && use build; then
+		rm "${S}"/sysdeps/sparc/sparc64/elf/configure{,.in}
+		rm "${S}"/nptl/sysdeps/pthread/configure{,.in}
+	fi
+
+	cd "${WORKDIR}"
+	find . -type f '(' -size 0 -o -name "*.orig" ')' -exec rm -f {} \;
+	find . -name configure -exec touch {} \;
+
+	# Fix permissions on some of the scripts
+	chmod u+x "${S}"/scripts/*.sh
+}
+
+src_compile() {
+	setup_env
+
+	if [[ -z ${OABI} ]] ; then
+		local abilist=""
+		if has_multilib_profile ; then
+			abilist=$(get_install_abis)
+			einfo "Building multilib glibc for ABIs: ${abilist}"
+		elif is_crosscompile || tc-is-cross-compiler ; then
+			abilist=${DEFAULT_ABI}
+		fi
+		if [[ -n ${abilist} ]] ; then
+			OABI=${ABI}
+			for ABI in ${abilist} ; do
+				export ABI
+				src_compile
+			done
+			ABI=${OABI}
+			unset OABI
+			return 0
+		fi
+	fi
+
+	if just_headers ; then
+		toolchain-glibc_headers_compile
+	else
+		toolchain-glibc_src_compile
+	fi
+}
+
+src_test() {
+	setup_env
+
+	if [[ -z ${OABI} ]] && has_multilib_profile ; then
+		OABI=${ABI}
+		einfo "Testing multilib glibc for ABIs: $(get_install_abis)"
+		for ABI in $(get_install_abis) ; do
+			export ABI
+			einfo "   Testing ${ABI} glibc"
+			src_test
+		done
+		ABI=${OABI}
+		unset OABI
+		return 0
+	fi
+
+	want_linuxthreads && toolchain-glibc_src_test linuxthreads
+	want_nptl && toolchain-glibc_src_test nptl
+}
+
+src_strip() {
+	# Now, strip everything but the thread libs #46186, as well as the dynamic
+	# linker, else we cannot set breakpoints in shared libraries due to bugs in
+	# gdb.  Also want to grab stuff in tls subdir.  whee.
+#when new portage supports this ...
+#	env \
+#		-uRESTRICT \
+#		CHOST=${CTARGET} \
+#		STRIP_MASK="/*/{,tls/}{ld-,lib{pthread,thread_db}}*" \
+#		prepallstrip
+	pushd "${D}" > /dev/null
+
+	if ! is_crosscompile ; then
+		mkdir -p "${T}"/strip-backup
+		for x in $(find "${D}" -maxdepth 3 \
+		           '(' -name 'ld-*' -o -name 'libpthread*' -o -name 'libthread_db*' ')' \
+		           -a '(' '!' -name '*.a' ')' -type f -printf '%P ')
+		do
+			mkdir -p "${T}/strip-backup/${x%/*}"
+			cp -a -- "${D}/${x}" "${T}/strip-backup/${x}" || die "backing up ${x}"
+		done
+	fi
+	env -uRESTRICT CHOST=${CTARGET} prepallstrip
+	if ! is_crosscompile ; then
+		cp -a -- "${T}"/strip-backup/* "${D}"/ || die "restoring non-stripped libs"
+	fi
+
+	popd > /dev/null
+}
+
+src_install() {
+	setup_env
+
+	if [[ -z ${OABI} ]] ; then
+		local abilist=""
+		if has_multilib_profile ; then
+			abilist=$(get_install_abis)
+			einfo "Installing multilib glibc for ABIs: ${abilist}"
+		elif is_crosscompile || tc-is-cross-compiler ; then
+			abilist=${DEFAULT_ABI}
+		fi
+		if [[ -n ${abilist} ]] ; then
+			OABI=${ABI}
+			for ABI in ${abilist} ; do
+				export ABI
+				src_install
+			done
+			ABI=${OABI}
+			unset OABI
+			src_strip
+			return 0
+		fi
+	fi
+
+	if just_headers ; then
+		toolchain-glibc_headers_install
+	else
+		toolchain-glibc_src_install
+	fi
+	[[ -z ${OABI} ]] && src_strip
+}
+
+pkg_preinst() {
+	toolchain-glibc_pkg_preinst
+}
+
+pkg_postinst() {
+	toolchain-glibc_pkg_postinst
+}
diff --git a/hardened/toolchain/branches/gcc-glibc-nopie/toolchain.README b/hardened/toolchain/branches/gcc-glibc-nopie/toolchain.README
new file mode 100644
index 0000000..6e65198
--- /dev/null
+++ b/hardened/toolchain/branches/gcc-glibc-nopie/toolchain.README
@@ -0,0 +1,154 @@
+NOTES
+=====
+
+Non-PIE support is a mess (well, strictly speaking it's broken)
+So far, crt{begin,end}.o are now correctly built no-PIE.
+However, libgcc.a/libgcc_eh.a, libc.a, libpthread.a, libieee.a, libgcov.a
+are built PIE.  This ok for linking PIEs, but rubbish for doing non-PIE
+links (i.e. vanilla).  Also crtfastmath.o is only built once (there's no
+crtfastmathS.o) - so we build it PIE.
+
+So, what to do?
+
+For vanilla compiles, we need the .a's built -nopie.
+For hardened compiles, we need the .a's built -fPIE - if they ever get used
+that way.  If we can convince ourselves that when building -fPIE the .so's
+are used, then we don't need PIE versions of these .a's.
+To do this, add '-nopie' to CFLAGS for libgcc.a in gcc/Makefile.in?
+
+For libc.a - we could treat hardened as a multilib system; with the normal no-PIE
+ABI and our PIE ABI - and get glibc to build itself two ways; one for vanilla and
+one for hardened.  Or, we could try to force all .a's to be built -nopie - this
+isn't easy, however, as you can't tell from normal compilation commands whether
+it's for a .a or for an executable.
+
+I think the multiple-ABI approach is easier.  We could then drop PIE from the
+compiler variants,  leaving just relro/now and ssp combinations, which don't change
+the ABI, and do the -fPIE thing in the compiler wrapper, when ABI is PIE.
+I'm thinking of doing MULTLIB_ABIS="x86 x86_pie" and defining
+CFLAGS_x86_pie="-fpie -pie"
+LDFLAGS_x86_pie="-fpie -pie"
+LIBDIR_x86="lib"
+LIBDIR_x86_pie="libpie"
+note; the gcc-config wrapper adds CFLAGS_x86_pie to the command line, but doesn't look at LDFLAGS_<abi>
+
+
+Upgrade path for Hardened Gentoo users from glibc-2.3*/gcc-3* to glibc-2.4+/gcc-4.1+
+====================================================================================
+
+Note; references to "hardened", "non-hardened" etc refer to the toolchain, not the
+kernel.
+
+
+Generic upgrade instructions
+----------------------------
+
+There are separate instructions depending on where you start.  Instruction set (2)
+should work in all cases, provided a vanilla compiler is set via gcc-config first.
+However the most common case will be (1) - which is why it's listed first :)
+
+
+1) HARDENED SYSTEMS with hardened gcc-3 and glibc-2.3
+   Going from an existing hardened system (gcc-3.4.6 & glibc-2.3.6 hardened)
+
+  .1) emerge --oneshot sys-libs/glibc
+      build the hardened version of glibc-2.4 (with the gcc-3 hardened compiler)
+
+  .2) emerge --oneshot sys-devel/gcc
+      build the hardened gcc-4.1.1 with the hardened gcc-3.4.6
+      
+  .3) emerge --oneshot sys-libs/glibc
+      rebuild the hardened version of glibc-2.4 (with the gcc-4 hardened compiler)
+
+
+2) NON-HARDENED SYSTEMS with gcc-4.1.1 and glibc-2.4 (no -hardened compiler available)
+   Going from non-hardened stage3 2006.1:
+   This starts from non-hardened gcc-4.1.1 and glibc-2.4
+
+  .1) Switch profile to the hardened profile
+      This means remaking the softlink /etc/make.conf to a hardened profile.
+	  Do not confuse this with selecting a hardened compiler with gcc-config (which
+	  you can't do anyway from the standard 2006.1 stage3).
+
+  .2) emerge --oneshot sys-libs/glibc
+      Build glibc with support for both gcc-3 and gcc-4 stack protectiona.
+
+  .3) USE="-hardened" emerge --oneshot sys-devel/gcc
+      Build gcc-4 non-hardened, but including split-specs so it can build
+	  hardened objects later.
+
+  .4) gcc-config to the (now available) hardened variant of the compiler.
+
+  .5) emerge --oneshot sys-libs/glibc
+      Build the hardened version of glibc-2.4 (with the gcc-4 hardened compiler)
+
+  .6) emerge --oneshot sys-devel/gcc
+      This will build gcc itself hardened (in particular, building the static libraries PIE)
+
+
+3) NON-HARDENED SYSTEMS with a -hardened gcc available
+
+  .1) gcc-config to the -hardened gcc
+
+  .2) emerge --oneshot sys-libs/glibc
+      Build glibc with support for both gcc-3 and gcc-4 stack protectiona.
+
+  .3) emerge --oneshot sys-devel/gcc
+      build the hardened gcc-4.1.1 with a hardened gcc
+
+  .4) emerge --oneshot sys-libs/glibc
+      rebuild the hardened version of glibc-2.4 (with the gcc-4 hardened compiler)
+
+
+Platform-specific notes
+-----------------------
+
+sparc
+For gcc-4 SSP to work, glibc must be 2.4 or higher.  Glibc-2.4 is nptl-only, so this means
+it's not available on 32-bit sparc (sparcv8).
+
+
+
+
+Toolchain mods for hardened gcc-4.x/glibc-2.4
+=============================================
+
+* glibc __stack_chk_fail implementation written so that it's ok when glibc built with SSP
+  Implement stderr & syslog messaging, SIGKILL and _exit to provide a secure termination
+  (the one supplied by glibc is for debug purposes only), and all via inline syscalls
+  avoiding any function calls (which would potentially invoke __stack_chk_fail).
+  Note; building glibc with ssp-all is causing too many problems at the moment, so for
+  now it's set to build without ssp.
+  Sorted out the PIE building better (replaces the filter-ldflags -pie with something
+  more sensible).
+  (done) Use SIG_ABRT instead of SIG_KILL - means doing the sigset stuff.
+  (done) Use INTERNAL_SYSCALL (check vsyscall page isn't user modifiable)
+
+* gcc minispecs for gcc-4.1.1 and gcc-3.4.6, from psm
+  Much simplified gcc patching for hardened compiler; use of minispecs to generate
+  the relevant specs files.  Involves a few changes in toolchain.eclass and
+  flag-o-matic.eclass.
+
+* Specs switching handled by the wrappers, rather than the gcc-specs-env patch
+  (app-admin/eselect-compiler only).  This gives us ccache reliability, as for
+  gcc itself the specs are specified on the command line as normal.
+  May not be a good idea - doing it gcc itself guarantees it'll happen even if
+  the wrappers aren't used (is that ever the case?).
+  Further investigation ongoing to manage filtering; considering doing this by
+  adjusting GCC_SPECS, although it may be better as a separate variable (perhaps
+  as part of COMPILER_FEATURES - see bug #128810)
+
+Still cooking
+
+* Look into -DFORTIFY_SOURCE=2, -msecure-plt for ppc
+
+
+Status summary:
+===============
+
+glibc ok (builds itself non-ssp)
+gcc ok (ish)
+   Needs distfile gcc-4.1.1-piepatches-v9.0.6.tar.bz2 from toolchain/distfiles
+   (or gcc-3.4.6-piepatches-v9.0.5.tar.bz2 for gcc-3.4.6)
+
+