- changed %attr in %config(noreplace) files from %{name} to root * fixes CVE-2014-544[7-9] and CVE-2014-5450