diff --git a/.gitignore b/.gitignore
index 9635208..922bbeb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,3 +52,5 @@ certmonger-0.28.tar.gz
 /certmonger-0.65.tar.gz.sig
 /certmonger-0.67.tar.gz
 /certmonger-0.67.tar.gz.sig
+/certmonger-0.68.tar.gz
+/certmonger-0.68.tar.gz.sig
diff --git a/certmonger-certutil.patch b/certmonger-certutil.patch
deleted file mode 100644
index 1508b96..0000000
--- a/certmonger-certutil.patch
+++ /dev/null
@@ -1,200 +0,0 @@
-commit d8db04e88cc82272f6fba5102c38d4cac1c64517
-Author: Nalin Dahyabhai <nalin@dahyabhai.net>
-Date:   Thu Aug 1 16:14:13 2013 -0400
-
-    Fixup tests for recent certutil changes
-    
-    * Skip certutil's
-    certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
-      message, which is printed at a different point(?) now.
-    * If a certutil error message includes an error name, strip out the
-      name, because it didn't always used to be there.
-
-diff --git a/tests/015-lockedkey-dbm/expected.out b/tests/015-lockedkey-dbm/expected.out
-index e2ffc54..4378b91 100644
---- a/tests/015-lockedkey-dbm/expected.out
-+++ b/tests/015-lockedkey-dbm/expected.out
-@@ -36,40 +36,32 @@ OK (2048).
- [Not pre-creating database.]
- [Generating key (dbm) without PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Providing Unnecessary PIN.]
- [Reading Key Info With Unnecessary PIN.]
- Failed to read key "dbm:$tmpdir/dbmdb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Generating CSR With Unnecessary PIN.]
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Creating database, without PIN.]
- [Generating key (dbm) without PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Providing Unnecessary PIN.]
- [Reading Key Info With Unnecessary PIN.]
- Failed to read key "dbm:$tmpdir/dbmdb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Generating CSR With Unnecessary PIN.]
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Not pre-creating database, with PIN.]
- [Generating key (dbm) with PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Reading Key Info Without PIN.]
- Failed to read key "dbm:$tmpdir/dbmdb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- Incorrect password/PIN entered.
- certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
- [Reading Key Info With Bogus PIN Location.]
-@@ -85,12 +77,10 @@ OK (2048).
- [Creating database with PIN.]
- [Generating key (dbm) with PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Reading Key Info Without PIN.]
- Failed to read key "dbm:$tmpdir/dbmdb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- Incorrect password/PIN entered.
- certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
- [Reading Key Info With Bogus PIN Location.]
-diff --git a/tests/015-lockedkey-sql/expected.out b/tests/015-lockedkey-sql/expected.out
-index 48a1a90..a739284 100644
---- a/tests/015-lockedkey-sql/expected.out
-+++ b/tests/015-lockedkey-sql/expected.out
-@@ -36,40 +36,32 @@ OK (2048).
- [Not pre-creating database.]
- [Generating key (sql) without PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Providing Unnecessary PIN.]
- [Reading Key Info With Unnecessary PIN.]
- Failed to read key "sql:$tmpdir/sqldb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Generating CSR With Unnecessary PIN.]
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Creating database, without PIN.]
- [Generating key (sql) without PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Providing Unnecessary PIN.]
- [Reading Key Info With Unnecessary PIN.]
- Failed to read key "sql:$tmpdir/sqldb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Generating CSR With Unnecessary PIN.]
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Not pre-creating database, with PIN.]
- [Generating key (sql) with PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Reading Key Info Without PIN.]
- Failed to read key "sql:$tmpdir/sqldb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- Incorrect password/PIN entered.
- certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
- [Reading Key Info With Bogus PIN Location.]
-@@ -85,12 +77,10 @@ OK (2048).
- [Creating database with PIN.]
- [Generating key (sql) with PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Reading Key Info Without PIN.]
- Failed to read key "sql:$tmpdir/sqldb":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- Incorrect password/PIN entered.
- certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
- [Reading Key Info With Bogus PIN Location.]
-diff --git a/tests/015-lockedkey/expected.out b/tests/015-lockedkey/expected.out
-index 779308e..eae75dc 100644
---- a/tests/015-lockedkey/expected.out
-+++ b/tests/015-lockedkey/expected.out
-@@ -36,40 +36,32 @@ OK (2048).
- [Not pre-creating database.]
- [Generating key without PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Providing Unnecessary PIN.]
- [Reading Key Info With Unnecessary PIN.]
- Failed to read key "$tmpdir/db":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Generating CSR With Unnecessary PIN.]
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Creating database, without PIN.]
- [Generating key without PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Providing Unnecessary PIN.]
- [Reading Key Info With Unnecessary PIN.]
- Failed to read key "$tmpdir/db":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Generating CSR With Unnecessary PIN.]
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Not pre-creating database, with PIN.]
- [Generating key with PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Reading Key Info Without PIN.]
- Failed to read key "$tmpdir/db":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- Incorrect password/PIN entered.
- certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
- [Reading Key Info With Bogus PIN Location.]
-@@ -85,12 +77,10 @@ OK (2048).
- [Creating database with PIN.]
- [Generating key with PIN.]
- OK.
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- < 0> rsa PRIVATE-KEY Test
- [Reading Key Info Without PIN.]
- Failed to read key "$tmpdir/db":"Test".
- (Need PIN.)
--certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
- Incorrect password/PIN entered.
- certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
- [Reading Key Info With Bogus PIN Location.]
-diff --git a/tests/015-lockedkey/run.sh b/tests/015-lockedkey/run.sh
-index 7f1d973..1f6340d 100755
---- a/tests/015-lockedkey/run.sh
-+++ b/tests/015-lockedkey/run.sh
-@@ -10,7 +10,8 @@ echo $pin > pin.txt
- echo ""   > empty.txt
- 
- clean() {
--	sed 's|'"$tmpdir"'|$tmpdir|g'
-+	sed -r -e 's|'"$tmpdir"'|$tmpdir|g' -e 's,: SEC_ERROR_[^:]+: ,: ,g' |\
-+	grep -vF 'certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"'
- }
- 
- echo '['Generate Key Without PIN.']'
diff --git a/certmonger.spec b/certmonger.spec
index 980af3d..3256f1c 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -19,8 +19,8 @@
 %endif
 
 Name:		certmonger
-Version:	0.67
-Release:	3%{?dist}
+Version:	0.68
+Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
 Group:		System Environment/Daemons
@@ -29,7 +29,6 @@ URL:		http://certmonger.fedorahosted.org
 Source0:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz
 Source1:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-Patch0:		certmonger-certutil.patch
 
 BuildRequires:	dbus-devel, nspr-devel, nss-devel, openssl-devel
 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
@@ -88,7 +87,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
 
 %prep
 %setup -q
-%patch0 -p1 -b .certutil
 %if 0%{?rhel} > 0
 # Enabled by default for RHEL for bug #765600, still disabled by default for
 # Fedora pending a similar bug report there.
@@ -203,6 +201,11 @@ exit 0
 %endif
 
 %changelog
+* Thu Aug 29 2013 Nalin Dahyabhai <nalin@redhat.com> 0.68-1
+- notice when the OpenSSL RNG isn't seeded
+- notice when saving certificates or keys fails due to filesystem-related
+  permission denial (#996581)
+
 * Tue Aug  6 2013 Nalin Dahyabhai <nalin@redhat.com> 0.67-3
 - pull up a patch from master to adapt self-tests to certutil's diagnostic
   output having changed (#992050)
diff --git a/sources b/sources
index 8e1f263..57a4ef2 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-173c3e1d0ab81a0045abbb147e3e2251  certmonger-0.67.tar.gz
-ecc205036d8fb3562fd1d6c89286730e  certmonger-0.67.tar.gz.sig
+8f9be1b71d32065ee3ce6a0fc623abd6  certmonger-0.68.tar.gz
+b91df4987b5c865bc3a369765d0fb57d  certmonger-0.68.tar.gz.sig