--- /dev/null
+diff -up ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
+--- ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2010-12-17 18:34:04.000000000 +0100
++++ ecryptfs-utils-85/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-02-01 11:12:14.813646937 +0100
+@@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize(
+ pkcs11h_data->serialized_id = NULL;
+ }
+ else {
+- pkcs11h_data->serialized_id = blob + i;
++ pkcs11h_data->serialized_id = (char *)blob + i;
+ i += serialized_id_length;
+ }
+ pkcs11h_data->certificate_blob_size = blob[i++] % 256;
+@@ -104,12 +104,11 @@ static int ecryptfs_pkcs11h_deserialize(
+ pkcs11h_data->passphrase = NULL;
+ }
+ else {
+- pkcs11h_data->passphrase = blob + i;
++ pkcs11h_data->passphrase = (char *)blob + i;
+ i += passphrase_length;
+ }
+
+ rc = 0;
+-out:
+ return rc;
+ }
+
+@@ -346,14 +345,14 @@ static int ecryptfs_pkcs11h_get_key_sig(
+ data[i++] = '\02';
+ data[i++] = (char)(nbits >> 8);
+ data[i++] = (char)nbits;
+- BN_bn2bin(rsa->n, &(data[i]));
++ BN_bn2bin(rsa->n, (unsigned char *)&(data[i]));
+ i += nbytes;
+ data[i++] = (char)(ebits >> 8);
+ data[i++] = (char)ebits;
+- BN_bn2bin(rsa->e, &(data[i]));
++ BN_bn2bin(rsa->e, (unsigned char *)&(data[i]));
+ i += ebytes;
+- SHA1(data, len + 3, hash);
+- to_hex(sig, hash, ECRYPTFS_SIG_SIZE);
++ SHA1((unsigned char *)data, len + 3, (unsigned char *)hash);
++ to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE);
+ sig[ECRYPTFS_SIG_SIZE_HEX] = '\0';
+
+ rc = 0;
+@@ -411,8 +410,8 @@ static int ecryptfs_pkcs11h_encrypt(char
+ if (
+ (rc = RSA_public_encrypt(
+ from_size,
+- from,
+- to,
++ (unsigned char *)from,
++ (unsigned char *)to,
+ rsa,
+ RSA_PKCS1_PADDING
+ )) == -1
+@@ -506,9 +505,9 @@ static int ecryptfs_pkcs11h_decrypt(char
+ (rv = pkcs11h_certificate_decryptAny (
+ certificate,
+ CKM_RSA_PKCS,
+- from,
++ (unsigned char *)from,
+ from_size,
+- to,
++ (unsigned char *)to,
+ to_size
+ )) != CKR_OK
+ ) {
+@@ -534,9 +533,9 @@ static int ecryptfs_pkcs11h_decrypt(char
+ pkcs11h_certificate_decryptAny (
+ certificate,
+ CKM_RSA_PKCS,
+- from,
++ (unsigned char *)from,
+ from_size,
+- tmp,
++ (unsigned char *)tmp,
+ to_size
+ );
+
+@@ -851,7 +850,7 @@ static int ecryptfs_pkcs11h_process_key(
+ rc = MOUNT_ERROR;
+ goto out;
+ }
+- if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob,
++ if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob,
+ &subgraph_key_ctx->key_mod->blob_size,
+ pkcs11h_data))) {
+ syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc);
+@@ -930,7 +929,7 @@ static int tf_pkcs11h_global_loglevel(st
+
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++// out:
+ return rc;
+ }
+
+@@ -943,7 +942,7 @@ static int tf_pkcs11h_global_pincache(st
+
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++// out:
+ return rc;
+ }
+
+@@ -1013,7 +1012,7 @@ static int tf_pkcs11h_provider_prot_auth
+ sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication);
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++
+ return rc;
+ }
+
+@@ -1027,7 +1026,7 @@ static int tf_pkcs11h_provider_cert_priv
+ sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private);
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++
+ return rc;
+ }
+
+@@ -1042,7 +1041,7 @@ static int tf_pkcs11h_provider_private_m
+
+ rc = DEFAULT_TOK;
+ node->val = NULL;
+-out:
++
+ return rc;
+ }
+
+@@ -1073,7 +1072,7 @@ static int tf_pkcs11h_provider_end(struc
+ free(subgraph_provider_ctx);
+ *foo = NULL;
+ rc = DEFAULT_TOK;
+-out:
++
+ return rc;
+ }
+
+@@ -1120,7 +1119,7 @@ static int tf_pkcs11h_key_x509file(struc
+ X509 *x509 = NULL;
+ unsigned char *p = NULL;
+ FILE *fp = NULL;
+- int rc;
++ int rc = 0;
+
+ subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo);
+
+diff -up ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c
+--- ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c.werror 2010-12-17 18:34:04.000000000 +0100
++++ ecryptfs-utils-85/src/libecryptfs/ecryptfs-stat.c 2011-02-01 11:12:14.813646937 +0100
+@@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_
+ if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES
+ + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
+ + 4)) {
+- printf("%s: Invalid metadata size; must have at least [%lu] "
++ printf("%s: Invalid metadata size; must have at least [%zu] "
+ "bytes; there are only [%zu] bytes\n", __FUNCTION__,
+ (ECRYPTFS_FILE_SIZE_BYTES
+ + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES
+diff -up ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c.werror 2010-12-17 18:34:04.000000000 +0100
++++ ecryptfs-utils-85/src/pam_ecryptfs/pam_ecryptfs.c 2011-02-01 11:12:18.061664154 +0100
+@@ -43,31 +43,6 @@
+
+ #define PRIVATE_DIR "Private"
+
+-static void error(const char *msg)
+-{
+- syslog(LOG_ERR, "errno = [%i]; strerror = [%m]\n", errno);
+- switch (errno) {
+- case ENOKEY:
+- syslog(LOG_ERR, "%s: Requested key not available\n", msg);
+- return;
+-
+- case EKEYEXPIRED:
+- syslog(LOG_ERR, "%s: Key has expired\n", msg);
+- return;
+-
+- case EKEYREVOKED:
+- syslog(LOG_ERR, "%s: Key has been revoked\n", msg);
+- return;
+-
+- case EKEYREJECTED:
+- syslog(LOG_ERR, "%s: Key was rejected by service\n", msg);
+- return;
+- default:
+- syslog(LOG_ERR, "%s: Unknown key error\n", msg);
+- return;
+- }
+-}
+-
+ /* returns: 0 for pam automounting not set, 1 for set, <0 for error */
+ static int ecryptfs_pam_automount_set(const char *homedir)
+ {
+@@ -87,7 +62,7 @@ out:
+ return rc;
+ }
+
+-static int wrap_passphrase_if_necessary(char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt)
++static int wrap_passphrase_if_necessary(const char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt)
+ {
+ char *unwrapped_pw_filename = NULL;
+ struct stat s;
+@@ -198,8 +173,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ if ((argc == 1)
+ && (memcmp(argv[0], "unwrap\0", 7) == 0)) {
+ char *wrapped_pw_filename;
+- char *unwrapped_pw_filename;
+- struct stat s;
+
+ rc = asprintf(
+ &wrapped_pw_filename, "%s/.ecryptfs/%s",
+@@ -291,8 +264,6 @@ static int private_dir(pam_handle_t *pam
+ char *autoumount = "auto-umount";
+ struct stat s;
+ pid_t pid;
+- struct utmp *u;
+- int count = 0;
+
+ if ((pwd = fetch_pwd(pamh)) == NULL) {
+ /* fetch_pwd() logged a message */
+@@ -339,7 +310,7 @@ static int private_dir(pam_handle_t *pam
+ if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) {
+ /* User has not recorded their passphrase */
+ unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
+- symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
++ rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase");
+ fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666);
+ close(fd);
+ }
+@@ -410,7 +381,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ char *old_passphrase = NULL;
+ char *new_passphrase = NULL;
+ char *wrapped_pw_filename;
+- char *name = NULL;
++// char *name = NULL;
+ char salt[ECRYPTFS_SALT_SIZE];
+ char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
+ pid_t child_pid, tmp_pid;
+@@ -424,11 +395,11 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
+ if (pwd) {
+ uid = pwd->pw_uid;
+ homedir = pwd->pw_dir;
+- name = pwd->pw_name;
++// name = pwd->pw_name;
+ }
+ } else {
+ syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
+- "rc = [%ld]\n", username, rc);
++ "rc = [%d]\n", username, rc);
+ goto out;
+ }
+ saved_uid = geteuid();
+diff -up ecryptfs-utils-85/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-85/src/utils/mount.ecryptfs.c
+--- ecryptfs-utils-85/src/utils/mount.ecryptfs.c.werror 2010-12-17 18:34:04.000000000 +0100
++++ ecryptfs-utils-85/src/utils/mount.ecryptfs.c 2011-02-01 11:12:14.818646964 +0100
+@@ -461,7 +461,7 @@ static int ecryptfs_do_mount(int argc, c
+ {
+ int rc;
+ int flags = 0;
+- int num_opts = 0;
++// int num_opts = 0;
+ char *src = NULL, *targ = NULL, *opts = NULL, *new_opts = NULL, *temp;
+ char *val;
+
+@@ -472,7 +472,7 @@ static int ecryptfs_do_mount(int argc, c
+ rc = strip_userland_opts(opts);
+ if (rc)
+ goto out;
+- num_opts = ecryptfs_generate_mount_flags(opts, &flags);
++ ecryptfs_generate_mount_flags(opts, &flags);
+ if (!(temp = strdup("ecryptfs_unlink_sigs"))) {
+ rc = -ENOMEM;
+ goto out;
+diff -up ecryptfs-utils-85/src/utils/test.c.werror ecryptfs-utils-85/src/utils/test.c
+--- ecryptfs-utils-85/src/utils/test.c.werror 2010-12-17 18:34:04.000000000 +0100
++++ ecryptfs-utils-85/src/utils/test.c 2011-02-01 11:12:14.818646964 +0100
+@@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache
+ struct inode *lower_inode;
+ struct ecryptfs_crypt_stat *crypt_stat;
+ int rc = 0;
+- int lower_byte_offset;
++ int lower_byte_offset = 0;
+ int orig_byte_offset = 0;
+ int num_extents_per_page;
+ #define ECRYPTFS_PAGE_STATE_UNREAD 0
--- /dev/null
+diff -up ecryptfs-utils-83/src/libecryptfs/key_management.c.splitnss ecryptfs-utils-83/src/libecryptfs/key_management.c
+--- ecryptfs-utils-83/src/libecryptfs/key_management.c.splitnss 2010-02-16 17:59:21.000000000 +0100
++++ ecryptfs-utils-83/src/libecryptfs/key_management.c 2010-05-04 11:08:19.875872481 +0200
+@@ -133,28 +133,8 @@ out:
+ }
+
+
+-int ecryptfs_remove_auth_tok_from_keyring(char *auth_tok_sig)
+-{
+- int rc;
++#include "key_management.inc.c"
+
+- rc = (int)keyctl_search(KEY_SPEC_USER_KEYRING, "user", auth_tok_sig, 0);
+- if (rc < 0) {
+- rc = errno;
+- syslog(LOG_ERR, "Failed to find key with sig [%s]: %m\n",
+- auth_tok_sig);
+- goto out;
+- }
+- rc = keyctl_unlink(rc, KEY_SPEC_USER_KEYRING);
+- if (rc < 0) {
+- rc = errno;
+- syslog(LOG_ERR, "Failed to unlink key with sig [%s]: %s\n",
+- auth_tok_sig, strerror(rc));
+- goto out;
+- }
+- rc = 0;
+-out:
+- return rc;
+-}
+ int ecryptfs_add_auth_tok_to_keyring(struct ecryptfs_auth_tok *auth_tok,
+ char *auth_tok_sig)
+ {
+diff -up ecryptfs-utils-83/src/libecryptfs/key_management.inc.c.splitnss ecryptfs-utils-83/src/libecryptfs/key_management.inc.c
+--- ecryptfs-utils-83/src/libecryptfs/key_management.inc.c.splitnss 2010-05-04 11:08:19.875872481 +0200
++++ ecryptfs-utils-83/src/libecryptfs/key_management.inc.c 2010-05-04 11:08:19.875872481 +0200
+@@ -0,0 +1,22 @@
++int ecryptfs_remove_auth_tok_from_keyring(char *auth_tok_sig)
++{
++ int rc;
++
++ rc = (int)keyctl_search(KEY_SPEC_USER_KEYRING, "user", auth_tok_sig, 0);
++ if (rc < 0) {
++ rc = errno;
++ syslog(LOG_ERR, "Failed to find key with sig [%s]: %m\n",
++ auth_tok_sig);
++ goto out;
++ }
++ rc = keyctl_unlink(rc, KEY_SPEC_USER_KEYRING);
++ if (rc < 0) {
++ rc = errno;
++ syslog(LOG_ERR, "Failed to unlink key with sig [%s]: %s\n",
++ auth_tok_sig, strerror(rc));
++ goto out;
++ }
++ rc = 0;
++out:
++ return rc;
++}
+diff -up ecryptfs-utils-83/src/utils/Makefile.am.splitnss ecryptfs-utils-83/src/utils/Makefile.am
+--- ecryptfs-utils-83/src/utils/Makefile.am.splitnss 2010-05-04 11:09:05.176554494 +0200
++++ ecryptfs-utils-83/src/utils/Makefile.am 2010-05-04 11:09:05.200991500 +0200
+@@ -36,7 +36,7 @@ mount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(K
+ mount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS)
+ umount_ecryptfs_SOURCES = umount.ecryptfs.c
+ umount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS)
+-umount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
++umount_ecryptfs_LDADD = -lkeyutils
+ ecryptfs_manager_SOURCES = manager.c io.c io.h gen_key.c
+ ecryptfs_manager_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS) $(LIBGCRYPT_CFLAGS)
+ ecryptfs_manager_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS)
+diff -up ecryptfs-utils-83/src/utils/umount.ecryptfs.c.splitnss ecryptfs-utils-83/src/utils/umount.ecryptfs.c
+--- ecryptfs-utils-83/src/utils/umount.ecryptfs.c.splitnss 2009-10-20 20:49:55.000000000 +0200
++++ ecryptfs-utils-83/src/utils/umount.ecryptfs.c 2010-05-04 11:08:19.893867192 +0200
+@@ -24,7 +24,10 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include "ecryptfs.h"
++#include <keyutils.h>
++#include <syslog.h>
++
++#include "../libecryptfs/key_management.inc.c"
+
+ static void usage()
+ {