diff -up ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
--- ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror	2010-03-22 09:14:49.758683763 +0100
+++ ecryptfs-utils-83/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c	2010-03-22 09:21:16.957387907 +0100
@@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize(
 		pkcs11h_data->serialized_id = NULL;
 	}
 	else {
-		pkcs11h_data->serialized_id = blob + i;
+		pkcs11h_data->serialized_id = (char *)blob + i;
 		i += serialized_id_length;
 	}
 	pkcs11h_data->certificate_blob_size = blob[i++] % 256;
@@ -104,12 +104,11 @@ static int ecryptfs_pkcs11h_deserialize(
 		pkcs11h_data->passphrase = NULL;
 	}
 	else {
-		pkcs11h_data->passphrase = blob + i;
+		pkcs11h_data->passphrase = (char *)blob + i;
 		i += passphrase_length;
 	}
 
 	rc = 0;
-out:
 	return rc;
 }
 
@@ -346,14 +345,14 @@ static int ecryptfs_pkcs11h_get_key_sig(
 	data[i++] = '\02';
 	data[i++] = (char)(nbits >> 8);
 	data[i++] = (char)nbits;
-	BN_bn2bin(rsa->n, &(data[i]));
+	BN_bn2bin(rsa->n, (unsigned char *)&(data[i]));
 	i += nbytes;
 	data[i++] = (char)(ebits >> 8);
 	data[i++] = (char)ebits;
-	BN_bn2bin(rsa->e, &(data[i]));
+	BN_bn2bin(rsa->e, (unsigned char *)&(data[i]));
 	i += ebytes;
-	SHA1(data, len + 3, hash);
-	to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
+	SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
+	to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
 	sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
 
 	rc = 0;
@@ -411,8 +410,8 @@ static int ecryptfs_pkcs11h_encrypt(char
 		if (
 			(rc = RSA_public_encrypt(
 				from_size,
-				from,
-				to,
+				(unsigned char *)from,
+				(unsigned char *)to,
 				rsa,
 				RSA_PKCS1_PADDING
 			)) == -1
@@ -506,9 +505,9 @@ static int ecryptfs_pkcs11h_decrypt(char
 		(rv = pkcs11h_certificate_decryptAny (
 			certificate,
 			CKM_RSA_PKCS,
-			from,
+			(unsigned char *)from,
 			from_size,
-			to,
+			(unsigned char *)to,
 			to_size
 		)) != CKR_OK
 	) {
@@ -534,9 +533,9 @@ static int ecryptfs_pkcs11h_decrypt(char
 		pkcs11h_certificate_decryptAny (
 			certificate,
 			CKM_RSA_PKCS,
-			from,
+			(unsigned char *)from,
 			from_size,
-			tmp,
+			(unsigned char *)tmp,
 			to_size
 		);
 
@@ -851,7 +850,7 @@ static int ecryptfs_pkcs11h_process_key(
 		rc = MOUNT_ERROR;
 		goto out;
 	}
-	if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
+	if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
 					     &subgraph_key_ctx->key_mod->blob_size, 
 					     pkcs11h_data))) {
 		syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
@@ -930,7 +929,7 @@ static int tf_pkcs11h_global_loglevel(st
 
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+// out:
 	return rc;
 }
 
@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_pincache(st
 
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+// out:
 	return rc;
 }
 
@@ -1013,7 +1012,7 @@ static int tf_pkcs11h_provider_prot_auth
 	sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+
 	return rc;
 }
 
@@ -1027,7 +1026,7 @@ static int tf_pkcs11h_provider_cert_priv
 	sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+
 	return rc;
 }
 
@@ -1042,7 +1041,7 @@ static int tf_pkcs11h_provider_private_m
 
 	rc = DEFAULT_TOK;
 	node->val = NULL;
-out:
+
 	return rc;
 }
 
@@ -1073,7 +1072,7 @@ static int tf_pkcs11h_provider_end(struc
 	free(subgraph_provider_ctx);
 	*foo = NULL;
 	rc = DEFAULT_TOK;
-out:
+
 	return rc;
 }
 
diff -up ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c
--- ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c.werror	2009-10-20 20:49:55.000000000 +0200
+++ ecryptfs-utils-83/src/libecryptfs/ecryptfs-stat.c	2010-03-22 09:13:24.003425916 +0100
@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
 	if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
 			+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
 			+ 4)) {
-		printf("%s: Invalid metadata size; must have at least [%lu] "
+		printf("%s: Invalid metadata size; must have at least [%zu] "
 		       "bytes; there are only [%zu] bytes\n", __FUNCTION__,
 		       (ECRYPTFS_FILE_SIZE_BYTES
 			+ MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
diff -up ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c.werror	2010-02-16 18:01:43.000000000 +0100
+++ ecryptfs-utils-83/src/pam_ecryptfs/pam_ecryptfs.c	2010-03-22 09:13:24.003425916 +0100
@@ -43,31 +43,6 @@
 
 #define PRIVATE_DIR "Private"
 
-static void error(const char *msg)
-{
-	syslog(LOG_ERR, "errno = [%i]; strerror = [%m]\n", errno);
-	switch (errno) {
-	case ENOKEY:
-		syslog(LOG_ERR, "%s: Requested key not available\n", msg);
-		return;
-
-	case EKEYEXPIRED:
-		syslog(LOG_ERR, "%s: Key has expired\n", msg);
-		return;
-
-	case EKEYREVOKED:
-		syslog(LOG_ERR, "%s: Key has been revoked\n", msg);
-		return;
-
-	case EKEYREJECTED:
-		syslog(LOG_ERR, "%s: Key was rejected by service\n", msg);
-		return;
-	default:
-		syslog(LOG_ERR, "%s: Unknown key error\n", msg);
-		return;
-	}
-}
-
 /* returns: 0 for pam automounting not set, 1 for set, <0 for error */
 static int ecryptfs_pam_automount_set(const char *homedir)
 {
@@ -87,7 +62,7 @@ out:
 	return rc;
 }
 
-static int wrap_passphrase_if_necessary(char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt)
+static int wrap_passphrase_if_necessary(const char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt)
 {
 	char *unwrapped_pw_filename = NULL;
 	struct stat s;
@@ -198,8 +173,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 		if ((argc == 1)
 		    && (memcmp(argv[0], "unwrap\0", 7) == 0)) {
 			char *wrapped_pw_filename;
-			char *unwrapped_pw_filename;
-			struct stat s;
 
 			rc = asprintf(
 				&wrapped_pw_filename, "%s/.ecryptfs/%s",
@@ -291,8 +264,6 @@ static int private_dir(pam_handle_t *pam
 	char *autoumount = "auto-umount";
 	struct stat s;
 	pid_t pid;
-	struct utmp *u;
-	int count = 0;
 
 	if ((pwd = fetch_pwd(pamh)) == NULL) {
 		/* fetch_pwd() logged a message */
@@ -339,7 +310,7 @@ static int private_dir(pam_handle_t *pam
 			if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
 				/* User has not recorded their passphrase */
 				unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
-				symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
+				rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
 				fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
 				close(fd);
 			}
@@ -428,7 +399,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 		}
 	} else {
 		syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
-		       "rc = [%ld]\n", username, rc);
+		       "rc = [%d]\n", username, rc);
 		goto out;
 	}
 	saved_uid = geteuid();