diff --git a/.certmonger.metadata b/.certmonger.metadata
index 7f69c3f..213a5dd 100644
--- a/.certmonger.metadata
+++ b/.certmonger.metadata
@@ -1,2 +1,2 @@
-952f4b643f40e0d856bb2a53b581a67b20dc1ba1 SOURCES/certmonger-0.68.tar.gz.sig
-1590dc6bbcb35ae30734d77c8d315d6276aa8e11 SOURCES/certmonger-0.68.tar.gz
+ad584e16e8d457e97ddff8049411cdc45dc5122f SOURCES/certmonger-0.70.tar.gz
+adbb9f7d0cc6e6a40f0f80973585c141b62ec485 SOURCES/certmonger-0.70.tar.gz.sig
diff --git a/SPECS/certmonger.spec b/SPECS/certmonger.spec
index 3256f1c..77d8c7a 100644
--- a/SPECS/certmonger.spec
+++ b/SPECS/certmonger.spec
@@ -19,8 +19,8 @@
 %endif
 
 Name:		certmonger
-Version:	0.68
-Release:	1%{?dist}
+Version:	0.70
+Release:	2%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
 Group:		System Environment/Daemons
@@ -104,6 +104,7 @@ sed -i 's,^# chkconfig: - ,# chkconfig: 345 ,g' sysvinit/certmonger.in
 %if %{tmpfiles}
 	--enable-tmpfiles \
 %endif
+	--with-homedir=/var/run/certmonger \
 	--with-tmpdir=/var/run/certmonger --enable-pie --enable-now
 # For some reason, some versions of xmlrpc-c-config in Fedora and RHEL just
 # tell us about libxmlrpc_client, but we need more.  Work around.
@@ -201,6 +202,37 @@ exit 0
 %endif
 
 %changelog
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.70-2
+- Mass rebuild 2014-01-24
+
+* Thu Jan  2 2014 Nalin Dahyabhai <nalin@redhat.com> 0.70-1
+- add a --with-homedir option to configure, and use it, since subprocesses
+  which we run and which use NSS may attempt to write to $HOME/.pki, and
+  0.69's strategy of setting that to "/" was rightly hitting SELinux policy
+  denials (#1047798)
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.69-2
+- Mass rebuild 2013-12-27
+
+* Mon Dec  9 2013 Nalin Dahyabhai <nalin@redhat.com> 0.69-1
+- tweak how we decide whether we're on the master or a minion when we're
+  told to use certmaster as a CA
+- clean up one of the tests so that it doesn't have to work around internal
+  logging producing duplicate messages
+- when logging errors while setting up to contact xmlrpc servers, explicitly
+  note that the error is client-side
+- don't abort() due to incorrect locking when an attempt to save an issued
+  certificate to the designated location fails (part of #1032760/#1033333,
+  ticket #22)
+- when reading an issued certificate from an enrollment helper, ignore
+  noise before or after the certificate itself (more of #1032760/1033333,
+  ticket #22)
+- run subprocesses in a cleaned-up environment (more of #1032760/1033333,
+  ticket #22)
+- clear the ca-error that we saved when we had an error talking to the CA if we
+  subsequently succeed in talking to the CA
+- various other static-analysis fixes
+
 * Thu Aug 29 2013 Nalin Dahyabhai <nalin@redhat.com> 0.68-1
 - notice when the OpenSSL RNG isn't seeded
 - notice when saving certificates or keys fails due to filesystem-related