--- a/eclass/toolchain.eclass 2010-04-25 17:47:56.000000000 +0200
+++ a/eclass/toolchain.eclass 2010-04-29 00:29:27.000000000 +0200
@@ -143,6 +143,7 @@
 IUSE="${IUSE} altivec build fortran nls nocxx"
 [[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"
 [[ -n ${PP_VER} ]] && IUSE="${IUSE} nossp"
+ [[ -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"
 [[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"
 [[ -n ${D_VER} ]] && IUSE="${IUSE} d"
@@ -278,7 +279,7 @@
 #
 gentoo_urls() {
 local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI
- HTTP~halcy0n/patches/URI"
+ HTTP~halcy0n/patches/URI HTTP~zorry/patches/gcc/URI"
 devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}
 echo mirror://gentoo/$1 ${devspace//URI/$1}
 }
@@ -290,9 +291,6 @@
 export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
 export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
- [[ -n ${PIE_VER} ]] && \
- PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}
-
 # Set where to download gcc itself depending on whether we're using a
 # prerelease, snapshot, or release tarball.
 if [[ -n ${PRERELEASE} ]] ; then
@@ -334,11 +332,12 @@
 # strawberry pie, Cappuccino and a Gauloises (it's a good thing)
 [[ -n ${PIE_VER} ]] && \
- GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )"
-
+ PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2} && \
+ GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls ${PIE_CORE})"
+
 # gcc minispec for the hardened gcc 4 compiler
 [[ -n ${SPECS_VER} ]] && \
- GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2) )"
+ GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2)"
 # gcc bounds checking patch
 if [[ -n ${HTB_VER} ]] ; then
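Review bot: The added `[[ -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"` line appends `nossp` a second time whenever both PP_VER and SPECS_VER are set, because the PP_VER line just above it appends the same flag. A duplicated IUSE token is mostly harmless but is untidy and is the kind of thing QA tooling flags. Folding the two tests into one avoids it: `[[ -n ${PP_VER} || -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"`.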
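Review bot: The new `HTTP~zorry/patches/gcc/URI` entry in gentoo_urls, like the existing ones, expands to a plain `http://dev.gentoo.org/` URL, so the transport itself gives no integrity for the patchsets fetched from a developer's space; presumably that integrity rests on the ebuild's Manifest digests, which is the usual arrangement, but the function's header comment (it begins before the hunk) should say so, e.g. `# plain http: the Manifest digests are the only integrity check on these tarballs`. Unrelated to this change, `$1` is unquoted in the `echo`; it only ever receives tarball names, so that is a style nit rather than a defect.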
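Review bot: Removing the `!nopie? ( … )` USE-conditionals puts the pie patchset and the specs tarball into SRC_URI unconditionally, and nothing in the hunk says why; it looks deliberate, since the rewritten want_pie for >=4.3.2 no longer consults the nopie flag, but a reader comparing this with the PP_VER handling will be tempted to restore the conditional. A comment above the `[[ -n ${PIE_VER} ]] && \` line would settle it: `# no !nopie? conditional: want_pie for >=4.3.2 does not depend on USE=nopie`. The `[[ … ]] && PIE_CORE=… && GCC_SRC_URI=…` chain only works because a parameter assignment always succeeds; an `if [[ -n ${PIE_VER} ]] ; then … fi` block, the form already used for HTB_VER just below, would make the intent plain.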
@@ -392,6 +393,7 @@
 [[ ${CTARGET} == *-freebsd* ]] && return 1
 want_pie || return 1
+ tc_version_is_at_least 4.3.2 && use nopie && return 1
 hardened_gcc_is_stable pie && return 0
 if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
 hardened_gcc_check_unsupported pie && return 1
@@ -400,7 +402,7 @@
 fi
 return 1
 elif [[ $1 == "ssp" ]] ; then
- [[ -z ${PP_VER} ]] && return 1
+ want_ssp || return 1
 hardened_gcc_is_stable ssp && return 0
 if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
 hardened_gcc_check_unsupported ssp && return 1
@@ -490,19 +490,39 @@
 return 1
 }
 want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
-want_pie() { _want_stuff PIE_VER !nopie ; }
-want_ssp() { _want_stuff PP_VER !nossp ; }
+want_pie() {
+ if tc_version_is_at_least 4.3.2 ; then
+ [[ -n ${PIE_VER} ]] && [[ -n ${SPECS_VER} ]] && return 0 || return 1
+ else
+ _want_stuff PIE_VER !nopie
+ fi
+}
+want_ssp() {
+ if tc_version_is_at_least 4.3.4 ; then
+ _want_stuff SPECS_VER !nossp
+ else
+ _want_stuff PP_VER !nossp
+ fi
+}
 want_split_specs() { [[ ${SPLIT_SPECS} == "true" ]] && want_pie }
 want_minispecs() {
 if tc_version_is_at_least 4.3.2 && use hardened ; then
- if [[ -n ${SPECS_VER} ]] ; then
- return 0
+ if ! want_pie ; then
+ ewarn "PIE_VER or SPECS_VER is not defiend in the GCC ebuild."
+ elif use vanilla ; then
+ ewarn "You will not get hardened features if you have the vanilla USE-flag."
+ elif use nopie && use nossp ; then
+ ewarn "You will not get hardened features if you have the nopie and nossp USE-flag."
+ elif ! hardened_gcc_works pie && ! hardened_gcc_works ssp && ! use nopie ; then
+ ewarn "Your $(tc-arch) arch is not supported."
 else
- die "For Hardened to work you need the minispecs files"
+ return 0
 fi
+ ewarn "Hope you know what you are doing. Hardened will not work."
+ return 0
 fi
 return 1
 }
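Review bot: The new gate `tc_version_is_at_least 4.3.2 && use nopie && return 1` in the pie branch of hardened_gcc_works repeats a version literal that also appears in want_pie and want_minispecs, while want_ssp switches at 4.3.4 and the build-specs and configure hunks at 4.4.3; the pie and ssp cut-overs differing is presumably intended, but nothing on the page says so, and scattered literals for the same cut-over drift easily. A comment on the added line would carry the reason: `# >=4.3.2: PIE comes from the specs, so USE=nopie must be honoured here (want_pie no longer checks it)`, with a matching note next to want_ssp on why ssp moves to SPECS_VER only at 4.3.4. The `want_ssp || return 1` change in the following hunk is symmetric with the pie branch and needs nothing further. hardened_gcc_works starts before and ends after these hunks.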
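Review bot: want_minispecs now returns 0 after every `ewarn` branch, including the `! want_pie` case where PIE_VER or SPECS_VER is unset and so no specs tarball can have been unpacked, which means every caller that tests `if want_minispecs` (setup_minispecs_gcc_build_specs, copy_minispecs_gcc_specs, the `--enable-esp` configure block, the hardened env entries and the `Gentoo Hardened` rebranding in the later hunks) proceeds as if the minispecs were present; the old code died here, while the new code will fail later on missing `${WORKDIR}/specs/*.specs` files and, on the vanilla and nopie+nossp paths, brand as Hardened a compiler the function has just said will not be hardened. The warnings are also printed on every call, and the function is invoked from several phases. I would make want_minispecs a silent predicate that fails when the prerequisites are missing and move the diagnostics into a helper called once from pkg_setup, where this commit already adds a bare `want_minispecs` call; the message typo `defiend` should become `defined` at the same time. In want_pie, `[[ -n ${PIE_VER} ]] && [[ -n ${SPECS_VER} ]] && return 0 || return 1` reduces to `[[ -n ${PIE_VER} && -n ${SPECS_VER} ]]`, whose status is the function's return.
```shell
want_pie() {
	if tc_version_is_at_least 4.3.2 ; then
		# >=4.3.2: PIE is driven by the specs tarball, so both versions are needed
		[[ -n ${PIE_VER} && -n ${SPECS_VER} ]]
	else
		_want_stuff PIE_VER !nopie
	fi
}
# … unchanged: want_ssp, want_split_specs …
# Silent predicate: safe to call from any phase; fails when the specs
# files the callers rely on cannot have been unpacked.
want_minispecs() {
	tc_version_is_at_least 4.3.2 && use hardened && want_pie
}
# Diagnostics only; call once from pkg_setup in place of the bare want_minispecs call.
warn_minispecs() {
	tc_version_is_at_least 4.3.2 && use hardened || return 0
	if ! want_pie ; then
		ewarn "PIE_VER or SPECS_VER is not defined in the GCC ebuild."
	elif use vanilla ; then
		ewarn "You will not get hardened features if you have the vanilla USE-flag."
	# … unchanged: the nopie+nossp and unsupported-arch branches …
	else
		return 0
	fi
	ewarn "Hope you know what you are doing. Hardened will not work."
}
```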
@@ -709,11 +729,16 @@
 }
 setup_minispecs_gcc_build_specs() {
 # Setup the "build.specs" file for gcc to use when building.
- if want_minispecs ; then
+ if want_minispecs && ! tc_version_is_at_least 4.4.3 ; then
 if hardened_gcc_works pie ; then
 cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs
 fi
- for s in nostrict znow; do
+ if hardened_gcc_works ssp ; then
+ for s in ssp sspall ; do
+ cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
+ done
+ fi
+ for s in nostrict znow ; do
 cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
 done
 export GCC_SPECS="${WORKDIR}"/build.specs
@@ -723,11 +748,14 @@
 # Build system specs file which, if it exists, must be a complete set of
 # specs as it completely and unconditionally overrides the builtin specs.
 # For gcc 4
- if use hardened && want_minispecs ; then
- $(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
- cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
+ if want_minispecs ; then
 insinto ${LIBPATH}
- doins "${WORKDIR}"/specs/* || die "failed to install specs"
+ if ! tc_version_is_at_least 4.4.3 ; then
+ $(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
+ cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
+ doins "${WORKDIR}"/specs/specs || die "failed to install specs"
+ fi
+ doins "${WORKDIR}"/specs/*.specs || die "failed to install specs"
 fi
 }
 add_profile_eselect_conf() {
@@ -885,6 +913,7 @@
 want_libssp && libc_has_ssp && \
 die "libssp cannot be used with a glibc that has been patched to provide ssp symbols"
+ want_minispecs
 unset LANGUAGES #265283
 }
@@ -1015,6 +1044,9 @@
 make_gcc_hard || die "failed to make gcc hard"
 fi
+ # Rebrand to make bug reports easier
+ want_minispecs && BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
+
 if is_libffi ; then
 # move the libffi target out of gcj and into all
 sed -i \
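Review bot: The new `for s in ssp sspall ; do cat "${WORKDIR}"/specs/${s}.specs >> …` loop, like the pie and nostrict/znow ones around it, ignores the exit status of `cat`, so a missing or unreadable specs file leaves build.specs incomplete and the build carries on with a compiler that is less hardened than the USE flags promise. Guarding each copy with `|| die "missing ${s}.specs"` turns that into a hard failure; alternatively assemble one list (`nostrict znow`, prefixed by `pie` and `ssp sspall` when the respective hardened_gcc_works check passes) and use a single checked loop. `s` is not declared `local`, so it leaks into the caller's scope. setup_minispecs_gcc_build_specs ends after the hunk.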
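Review bot: In copy_minispecs_gcc_specs the moved `$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs` and the `cat … >> …` after it are still unchecked, while the `doins` right below them is guarded with `|| die`; the comment above says this file "completely and unconditionally overrides the builtin specs", so a failed or empty `-dumpspecs` is installed anyway and leaves a compiler with no usable specs. Add `|| die "dumpspecs failed"` and `|| die "cannot append build.specs"` to those two lines. `insinto ${LIBPATH}` is unquoted; LIBPATH is eclass-controlled and unlikely to contain whitespace, but `insinto "${LIBPATH}"` costs nothing.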
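Review bot: The bare `want_minispecs` call added before `unset LANGUAGES` discards the return value and is there only for the ewarn output the function produces, which is not obvious from the line itself and becomes a silent no-op if the function is ever made quiet; a comment such as `# side effect only: print the hardened-configuration warnings early` would make the intent explicit. The enclosing function starts before the hunk.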
@@ -1201,6 +1233,19 @@
 confgcc="${confgcc} --disable-libssp"
 fi
+ # If we want hardened support with the newer pie-patchset for >=gcc 4.4.3
+ if tc_version_is_at_least 4.4.3 && want_minispecs && ! use vanilla ; then
+ if hardened_gcc_works ; then
+ confgcc="${confgcc} --enable-esp=all"
+ elif ! hardened_gcc_works pie && hardened_gcc_works ssp ; then
+ confgcc="${confgcc} --enable-esp=nopie"
+ elif ! hardened_gcc_works ssp && hardened_gcc_works pie ; then
+ confgcc="${confgcc} --enable-esp=nossp"
+ else
+ confgcc="${confgcc} --disable-esp"
+ fi
+ fi
+
 if tc_version_is_at_least "4.2" ; then
 confgcc="${confgcc} $(use_enable openmp libgomp)"
 fi
@@ -1808,8 +1853,14 @@
 fi
 # Setup the gcc_env_entry for hardened gcc 4 with minispecs
 if want_minispecs ; then
+ if hardened_gcc_works ; then
+ create_gcc_env_entry hardenednopiessp
+ fi
 if hardened_gcc_works pie ; then
- create_gcc_env_entry hardenednopie
+ create_gcc_env_entry hardenednopie
+ fi
+ if hardened_gcc_works ssp ; then
+ create_gcc_env_entry hardenednossp
 fi
 create_gcc_env_entry vanilla
 fi
@@ -1917,7 +1968,7 @@
 # Create config files for eselect-compiler
 create_eselect_conf
- # Cpoy the needed minispec for hardened gcc 4
+ # Copy the needed minispec for hardened gcc 4
 copy_minispecs_gcc_specs
 # Move pretty-printers to gdb datadir to shut ldconfig up
@@ -2072,7 +2123,7 @@
 [[ -n ${UCLIBC_VER} ]] && \
 unpack gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2
- if want_ssp ; then
+ if want_ssp && [[ -z ${SPECS_VER} ]] ; then
 if [[ -n ${PP_FVER} ]] ; then
 # The gcc 3.4 propolice versions are meant to be unpacked to ${S}
 pushd "${S}" > /dev/null
@@ -2162,6 +2213,7 @@
 do_gcc_stub ssp
 return 0
 fi
+ [[ -z ${SPECS_VER} ]] || return 0
 local ssppatch
 local sspdocs
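Review bot: Which `--enable-esp` variant the new block settles on is never logged, so a user with USE=hardened whose arch ends up in the `--disable-esp` branch gets a compiler with neither PIE nor SSP defaults and nothing in the build log to show it; an `einfo "hardened: configuring with --enable-esp=…"` after the chain, or an `ewarn` on the disable branch, makes the outcome auditable. The `! hardened_gcc_works pie &&` and `! hardened_gcc_works ssp &&` halves of the two `elif` tests look redundant if the argument-less `hardened_gcc_works` in the first branch means "both pie and ssp work", but the page does not show that definition, so confirm before simplifying. The enclosing configure function starts before and ends after the hunk.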
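Review bot: `if want_ssp && [[ -z ${SPECS_VER} ]]` in the unpack hunk and `[[ -z ${SPECS_VER} ]] || return 0` in the SSP-patch hunk encode the same rule — when a specs tarball is in play the propolice patchset is neither unpacked nor applied — in two negated forms that read awkwardly and can drift apart. A short comment at each site, e.g. `# with SPECS_VER set, SSP comes from the specs files, not the propolice patches`, plus the more direct `[[ -n ${SPECS_VER} ]] && return 0` in the second hunk, would make that clear. Note that for 4.3.2 and 4.3.3 want_ssp still keys off PP_VER while these two checks key off SPECS_VER, so an ebuild that sets both gets `want_ssp` true but no propolice patch; presumably intended, but worth one sentence in that comment. Both enclosing functions start before their hunks.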