Fix X11 forwarding CVE according to upstream

openssh-7.1p2-fallback-x11-untrusted.patch

@@ -113,7 +113,7 @@ index f555451..c0386d5 100644
 -	} else if (!client_x11_display_valid(display)) {
 -		logit("DISPLAY '%s' invalid, falling back to fake xauth data",
 +	if (!client_x11_display_valid(display)) {
-+		debug("DISPLAY \"%s\" invalid; disabling X11 forwarding",
++		logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
  		    display);
 -	} else {
 -		if (display == NULL) {
@@ -350,3 +350,38 @@ index 81704ab..096c5b5 100644
  		    "spoofing.");
 -- 
 2.5.0
+
+From 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a Mon Sep 17 00:00:00 2001
+From: "millert@openbsd.org" <millert@openbsd.org>
+Date: Mon, 1 Feb 2016 21:18:17 +0000
+Subject: upstream commit
+
+Avoid ugly "DISPLAY "(null)" invalid; disabling X11
+ forwarding" message when DISPLAY is not set.  This could also result in a
+ crash on systems with a printf that doesn't handle NULL.  OK djm@
+
+Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
+---
+ clientloop.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/clientloop.c b/clientloop.c
+index f8f9a3f..f0a08f2 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -318,8 +318,9 @@ client_x11_get_proto(const char *display, const char *xauth_path,
+ 	proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
+ 
+ 	if (!client_x11_display_valid(display)) {
+-		logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
+-		    display);
++		if (display != NULL)
++			logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
++			    display);
+ 		return -1;
+ 	}
+ 	if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
+-- 
+cgit v0.11.2
+
+