New upstream release including:
* Dropping entropy patch
* Remove default support for MD5 fingerprints
* Porting all the downstream patches and pam_ssh_agent_auth
to new sshbuf and sshkey API
* pam_ssh_agent_auth is no longer using MD5 fingerprints
* Drop unaccepted (unapplying) coverity patches
* Drop server support for SSH1 (server)
* Workaround #2641 for systemd
* UseLogin is gone
* Drop upstream commit 28652bca
* Tighten seccomp filter (cache credentials before entering sandbox) (#1395288)
root users are unconfined by definition, but they can be limited by SELinux so having privilege separation still makes sense. As a consequence we can remove hunk that handled this condition if we skipped forking.
The previous required to have for all SELInux user contexts with setexec capability. Otherwise user would not be able to change password if it is expired. This patch sets correct context and cleans up the exec context.
When doing chroot, copy_selinux_context is called twice