* security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week
  * security: major cleanup of file copying code
  * security: tightening the rules for --chroot and --overlay features
  * bugfix: ported Gentoo compile patch
  * bugfix: Nvidia drivers bug in --private-dev
  * bugfix: fix ASSERT_PERMS_FD macro
  * feature: allow local customization using .local files under /etc/firejail
    backported from our development branch
  * feature: spoof machine-id backported from our development branch