diff --git a/SOURCES/python-gssapi-display_status-infinite-recursion.patch b/SOURCES/python-gssapi-display_status-infinite-recursion.patch
new file mode 100644
index 0000000..326d273
--- /dev/null
+++ b/SOURCES/python-gssapi-display_status-infinite-recursion.patch
@@ -0,0 +1,71 @@
+From b7e6c6c5451590f18df965a2a84550a63461d76e Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Mon, 27 Mar 2017 13:24:37 -0400
+Subject: [PATCH] Prevent GSSError/_display_status() infinite recursion
+
+I was unable to reproduce the problem, but this should prevent the issue.
+
+Resolves: #111
+---
+ gssapi/raw/misc.pyx | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/gssapi/raw/misc.pyx b/gssapi/raw/misc.pyx
+index e278c4b..4ea0c55 100644
+--- a/gssapi/raw/misc.pyx
++++ b/gssapi/raw/misc.pyx
+@@ -139,7 +139,7 @@ def _display_status(unsigned int error_code, bint is_major_code,
+ whether or not to call again for further messages
+
+ Raises:
+- GSSError
++ ValueError
+ """
+
+ cdef int status_type
+@@ -165,13 +165,16 @@ def _display_status(unsigned int error_code, bint is_major_code,
+
+ if maj_stat == GSS_S_COMPLETE:
+ call_again = bool(msg_ctx_out)
+-
+ msg_out = msg_buff.value[:msg_buff.length]
+ gss_release_buffer(&min_stat, &msg_buff)
+ return (msg_out, msg_ctx_out, call_again)
+ else:
+- # NB(directxman12): this is highly unlikely to cause a recursive loop
+- raise GSSError(maj_stat, min_stat)
++ # This hides whatever error gss_display_status is complaining about,
++ # but obviates infinite recursion into stack exhaustion. The
++ # exception raised here is handled by get_all_statuses(), which prints
++ # the code.
++ raise ValueError("gss_display_status call returned failure "
++ "(major {0}, minor {1}).".format(maj_stat, min_stat))
+
+
+ class GSSErrorRegistry(type):
+@@ -294,8 +297,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry):
+ try:
+ msg, ctx, cont = _display_status(code, is_maj)
+ res.append(msg.decode(msg_encoding))
+- except GSSError:
+- res.append(u'issue decoding code: {0}'.format(code))
++ except ValueError as e:
++ res.append(u'{0} Decoding code: {1}'.format(e, code))
+ cont = False
+
+ while cont:
+@@ -303,9 +306,8 @@ class GSSError(Exception, metaclass=GSSErrorRegistry):
+ msg, ctx, cont = _display_status(code, is_maj,
+ message_context=ctx)
+ res.append(msg.decode(msg_encoding))
+- except GSSError:
+- res.append(u'issue decoding '
+- u'code: {0}'.format(code))
++ except ValueError:
++ res.append(u'{0} Decoding code: {1}'.format(e, code))
+ cont = False
+
+ return res
+--
+2.11.0
+
diff --git a/SPECS/python-gssapi.spec b/SPECS/python-gssapi.spec
index c3071f0..7f5d7ad 100644
--- a/SPECS/python-gssapi.spec
+++ b/SPECS/python-gssapi.spec
@@ -6,7 +6,7 @@
Name: python-gssapi
Version: 1.2.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Python Bindings for GSSAPI (RFC 2743/2744 and extensions)
License: ISC
@@ -16,6 +16,7 @@ Source0: https://github.com/pythongssapi/%{name}/releases/download/v%{ver
Patch0: k5test-0.9.1-usr_lib64.patch
Patch1: python-gssapi-cython_0.19.patch
Patch2: python-gssapi-1.2.1-overwrite_cred_store.patch
+Patch3: python-gssapi-display_status-infinite-recursion.patch
BuildRequires: python2-devel
BuildRequires: krb5-devel >= 1.10
@@ -76,6 +77,7 @@ RFC 2743, as well as multiple extensions.
%patch0 -p1 -b .usr_lib64
%patch1 -p1 -b .cython_0.19
%patch2 -p1 -b .overwrite_cred_store
+%patch3 -p1 -b .display_status-infinite-recursion
%if 0%{?with_python3}
rm -rf %{py3dir}
@@ -139,6 +141,10 @@ popd
%changelog
+* Tue Apr 11 2017 Robbie Harwood <rharwood@redhat.com> - 1.2.0-3
+- Fix an infinite loop from gss_display_status
+- Resolves: #1438390
+
* Mon Apr 04 2016 Robbie Harwood <rharwood@redhat.com> - 1.2.0-2
- Move python-tox from build requirement to test requirement
- Resolves: #1292139