diff --git a/SOURCES/0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch b/SOURCES/0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch
new file mode 100644
index 0000000..b6b10fe
--- /dev/null
+++ b/SOURCES/0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch
@@ -0,0 +1,89 @@
+From 919e8972a6635539499f153a28d92e0c4052b354 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Tue, 30 Jan 2018 08:58:20 +0100
+Subject: [PATCH 15/15] act-user: Prevent segfault if accounts_proxy is not
+ created
+
+act_user_get_locked may segfault if accounts_proxy is not created (e.g.
+when run under root). All other functions which rely on accounts_proxy
+already contain checks for NULL and valid ActUser. Do the same also in
+act_user_get_locked in order to avoid segfaults in certain cases.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=104851
+---
+ src/libaccountsservice/act-user.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c
+index a24f25a..e21c9db 100644
+--- a/src/libaccountsservice/act-user.c
++++ b/src/libaccountsservice/act-user.c
+@@ -859,60 +859,65 @@ act_user_is_logged_in (ActUser *user)
+ 
+ /**
+  * act_user_is_logged_in_anywhere:
+  * @user: a #ActUser
+  *
+  * Returns whether or not #ActUser is currently logged in in any way
+  * whatsoever.  See also act_user_is_logged_in().
+  *
+  * (Currently, this function is only implemented for systemd-logind.
+  * For ConsoleKit, it is equivalent to act_user_is_logged_in.)
+  *
+  * Returns: %TRUE or %FALSE
+  */
+ gboolean
+ act_user_is_logged_in_anywhere (ActUser *user)
+ {
+         return user->our_sessions != NULL || user->other_sessions != NULL;
+ }
+ 
+ /**
+  * act_user_get_locked:
+  * @user: a #ActUser
+  *
+  * Returns whether or not the #ActUser account is locked.
+  *
+  * Returns: %TRUE or %FALSE
+  */
+ gboolean
+ act_user_get_locked (ActUser *user)
+ {
++        g_return_val_if_fail (ACT_IS_USER (user), TRUE);
++
++        if (user->accounts_proxy == NULL)
++                return TRUE;
++
+         return accounts_user_get_locked (user->accounts_proxy);
+ }
+ 
+ /**
+  * act_user_get_automatic_login:
+  * @user: a #ActUser
+  *
+  * Returns whether or not #ActUser is automatically logged in at boot time.
+  *
+  * Returns: %TRUE or %FALSE
+  */
+ gboolean
+ act_user_get_automatic_login (ActUser *user)
+ {
+         g_return_val_if_fail (ACT_IS_USER (user), FALSE);
+ 
+         if (user->accounts_proxy == NULL)
+                 return FALSE;
+ 
+        return accounts_user_get_automatic_login (user->accounts_proxy);
+ }
+ 
+ /**
+  * act_user_is_system_account:
+  * @user: a #ActUser
+  *
+  * Returns whether or not #ActUser represents a 'system account' like
+  * 'root' or 'nobody'.
+  *
+  * Returns: %TRUE or %FALSE
+-- 
+2.14.3
+
diff --git a/SOURCES/0016-daemon-don-t-return-account-expiration-policy-if-not.patch b/SOURCES/0016-daemon-don-t-return-account-expiration-policy-if-not.patch
new file mode 100644
index 0000000..ca01fd1
--- /dev/null
+++ b/SOURCES/0016-daemon-don-t-return-account-expiration-policy-if-not.patch
@@ -0,0 +1,214 @@
+From 7facd87e8ba34654fc9c46b4a42943e92acafffb Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Wed, 7 Feb 2018 11:03:21 -0500
+Subject: [PATCH 16/16] daemon: don't return account expiration policy if not
+ known
+
+Right now we assume the user's shadow entry will always be available.
+If it's not available, we return fields from it initialized to 0.
+
+That leads to spurious password expired notifications in GNOME.
+
+This commit throws a NOT_SUPPORTED error if the shadow file is off
+limits.
+---
+ src/user.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/user.c b/src/user.c
+index a83cfe4..cf7eb26 100644
+--- a/src/user.c
++++ b/src/user.c
+@@ -79,60 +79,61 @@ struct User {
+         gchar *object_path;
+ 
+         Daemon       *daemon;
+ 
+         GKeyFile     *keyfile;
+ 
+         uid_t         uid;
+         gid_t         gid;
+         gchar        *user_name;
+         gchar        *real_name;
+         AccountType   account_type;
+         PasswordMode  password_mode;
+         gchar        *password_hint;
+         gchar        *home_dir;
+         gchar        *shell;
+         gchar        *email;
+         gchar        *language;
+         gchar        *x_session;
+         gchar        *location;
+         guint64       login_frequency;
+         gint64        login_time;
+         gint64        expiration_time;
+         gint64        last_change_time;
+         gint64        min_days_between_changes;
+         gint64        max_days_between_changes;
+         gint64        days_to_warn;
+         gint64        days_after_expiration_until_lock;
+         GVariant     *login_history;
+         gchar        *icon_file;
+         gchar        *default_icon_file;
++        gboolean      account_expiration_policy_known;
+         gboolean      locked;
+         gboolean      automatic_login;
+         gboolean      system_account;
+         gboolean      local_account;
+         gboolean      cached;
+ 
+         guint        *extension_ids;
+         guint         n_extension_ids;
+ };
+ 
+ typedef struct UserClass
+ {
+         AccountsUserSkeletonClass parent_class;
+ } UserClass;
+ 
+ static void user_accounts_user_iface_init (AccountsUserIface *iface);
+ 
+ G_DEFINE_TYPE_WITH_CODE (User, user, ACCOUNTS_TYPE_USER_SKELETON, G_IMPLEMENT_INTERFACE (ACCOUNTS_TYPE_USER, user_accounts_user_iface_init));
+ 
+ static gint
+ account_type_from_pwent (struct passwd *pwent)
+ {
+         struct group *grp;
+         gint i;
+ 
+         if (pwent->pw_uid == 0) {
+                 g_debug ("user is root so account type is administrator");
+                 return ACCOUNT_TYPE_ADMINISTRATOR;
+         }
+ 
+@@ -261,60 +262,61 @@ user_update_from_pwent (User          *user,
+                 locked = TRUE;
+         }
+         else {
+                 locked = FALSE;
+         }
+ 
+         if (user->locked != locked) {
+                 user->locked = locked;
+                 changed = TRUE;
+                 g_object_notify (G_OBJECT (user), "locked");
+         }
+ 
+         if (passwd == NULL || passwd[0] != 0) {
+                 mode = PASSWORD_MODE_REGULAR;
+         }
+         else {
+                 mode = PASSWORD_MODE_NONE;
+         }
+ 
+         if (spent) {
+                 if (spent->sp_lstchg == 0) {
+                         mode = PASSWORD_MODE_SET_AT_LOGIN;
+                 }
+ 
+                 user->expiration_time = spent->sp_expire;
+                 user->last_change_time  = spent->sp_lstchg;
+                 user->min_days_between_changes = spent->sp_min;
+                 user->max_days_between_changes = spent->sp_max;
+                 user->days_to_warn  = spent->sp_warn;
+                 user->days_after_expiration_until_lock = spent->sp_inact;
++                user->account_expiration_policy_known = TRUE;
+         }
+ 
+         if (user->password_mode != mode) {
+                 user->password_mode = mode;
+                 changed = TRUE;
+                 g_object_notify (G_OBJECT (user), "password-mode");
+         }
+ 
+         user->system_account = !user_classify_is_human (user->uid, user->user_name, pwent->pw_shell, passwd);
+ 
+         g_object_thaw_notify (G_OBJECT (user));
+ 
+         if (changed)
+                 accounts_user_emit_changed (ACCOUNTS_USER (user));
+ }
+ 
+ void
+ user_update_from_keyfile (User     *user,
+                           GKeyFile *keyfile)
+ {
+         gchar *s;
+ 
+         g_object_freeze_notify (G_OBJECT (user));
+ 
+         s = g_key_file_get_string (keyfile, "User", "Language", NULL);
+         if (s != NULL) {
+                 /* TODO: validate / normalize */
+                 g_free (user->language);
+                 user->language = s;
+                 g_object_notify (G_OBJECT (user), "language");
+@@ -1154,60 +1156,65 @@ user_set_x_session (AccountsUser          *auser,
+ 
+         if (!get_caller_uid (context, &uid)) {
+                 throw_error (context, ERROR_FAILED, "identifying caller failed");
+                 return FALSE;
+         }
+ 
+         if (user->uid == (uid_t) uid)
+                 action_id = "org.freedesktop.accounts.change-own-user-data";
+         else
+                 action_id = "org.freedesktop.accounts.user-administration";
+ 
+         daemon_local_check_auth (user->daemon,
+                                  user,
+                                  action_id,
+                                  TRUE,
+                                  user_change_x_session_authorized_cb,
+                                  context,
+                                  g_strdup (x_session),
+                                  (GDestroyNotify) g_free);
+ 
+         return TRUE;
+ }
+ 
+ static void
+ user_get_password_expiration_policy_authorized_cb (Daemon                *daemon,
+                                                    User                  *user,
+                                                    GDBusMethodInvocation *context,
+                                                    gpointer               data)
+ 
+ {
++        if (!user->account_expiration_policy_known) {
++                throw_error (context, ERROR_NOT_SUPPORTED, "account expiration policy unknown to accounts service");
++                return;
++        }
++
+         accounts_user_complete_get_password_expiration_policy (ACCOUNTS_USER (user),
+                                                                context,
+                                                                user->expiration_time,
+                                                                user->last_change_time,
+                                                                user->min_days_between_changes,
+                                                                user->max_days_between_changes,
+                                                                user->days_to_warn,
+                                                                user->days_after_expiration_until_lock);
+ }
+ 
+ static gboolean
+ user_get_password_expiration_policy (AccountsUser          *auser,
+                                      GDBusMethodInvocation *context)
+ {
+         User *user = (User*)auser;
+         int uid;
+         const gchar *action_id;
+ 
+         if (!get_caller_uid (context, &uid)) {
+                 throw_error (context, ERROR_FAILED, "identifying caller failed");
+                 return FALSE;
+         }
+ 
+         if (user->uid == (uid_t) uid)
+                 action_id = "org.freedesktop.accounts.change-own-user-data";
+         else
+                 action_id = "org.freedesktop.accounts.user-administration";
+ 
+         daemon_local_check_auth (user->daemon,
+                                  user,
+-- 
+2.14.3
+
diff --git a/SOURCES/0017-lib-don-t-try-to-update-login-frequency-manually.patch b/SOURCES/0017-lib-don-t-try-to-update-login-frequency-manually.patch
new file mode 100644
index 0000000..5115683
--- /dev/null
+++ b/SOURCES/0017-lib-don-t-try-to-update-login-frequency-manually.patch
@@ -0,0 +1,163 @@
+From 94e16cbaba4e727af4fe40a039110c5d0f0eb467 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Wed, 14 Feb 2018 10:00:19 -0500
+Subject: [PATCH 17/17] lib: don't try to update login frequency manually
+
+The library will try to update the login frequency to 1 if the
+requested user isn't finished asynchronously loading yet, but we
+know they have an open session.
+
+That no longer works, since we no longer track login-frequency
+separately from the dbus proxy object.
+
+This commit drops the code, since it's unnecessary anyway.
+
+To be "on the safe side" we change the value returned for unloaded
+users from 0 to 1.  This is okay because the value is undefined
+before the user is loaded anyway.
+---
+ src/libaccountsservice/act-user-manager.c | 6 ------
+ src/libaccountsservice/act-user.c         | 2 +-
+ 2 files changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c
+index 6c6628b..6efb772 100644
+--- a/src/libaccountsservice/act-user-manager.c
++++ b/src/libaccountsservice/act-user-manager.c
+@@ -1663,66 +1663,60 @@ get_x11_display_for_new_session (ActUserManagerNewSession *new_session)
+ static void
+ maybe_add_new_session (ActUserManagerNewSession *new_session)
+ {
+         ActUserManager *manager;
+         ActUser        *user;
+         gboolean        is_ours;
+ 
+         manager = ACT_USER_MANAGER (new_session->manager);
+ 
+         is_ours = TRUE;
+ 
+         if (new_session->x11_display == NULL) {
+                 g_debug ("AcUserManager: (mostly) ignoring session '%s' since it's not graphical",
+                          new_session->id);
+                 is_ours = FALSE;
+         } else if (session_is_login_window (manager, new_session->id)) {
+                 new_session->state = ACT_USER_MANAGER_NEW_SESSION_STATE_LOADED;
+                 unload_new_session (new_session);
+                 return;
+         } else if (!session_is_on_our_seat (manager, new_session->id)) {
+                 is_ours = FALSE;
+         }
+ 
+         user = act_user_manager_get_user_by_id (manager, new_session->uid);
+         if (user == NULL) {
+                 unload_new_session (new_session);
+                 return;
+         }
+ 
+         add_session_for_user (manager, user, new_session->id, is_ours);
+-
+-        /* if we haven't yet gotten the login frequency
+-           then at least add one because the session exists */
+-        if (act_user_get_login_frequency (user) == 0) {
+-                _act_user_update_login_frequency (user, 1);
+-        }
+ }
+ 
+ static void
+ load_new_session (ActUserManager *manager,
+                   const char     *session_id)
+ {
+         ActUserManagerNewSession *new_session;
+ 
+         new_session = g_slice_new0 (ActUserManagerNewSession);
+ 
+         new_session->manager = g_object_ref (manager);
+         new_session->id = g_strdup (session_id);
+         new_session->state = ACT_USER_MANAGER_NEW_SESSION_STATE_UNLOADED + 1;
+         new_session->cancellable = g_cancellable_new ();
+ 
+         manager->priv->new_sessions = g_slist_prepend (manager->priv->new_sessions,
+                                                        new_session);
+         load_new_session_incrementally (new_session);
+ }
+ 
+ static void
+ seat_session_added (GDBusProxy     *seat_proxy,
+                     const char     *session_id,
+                     ActUserManager *manager)
+ {
+         g_debug ("ActUserManager: Session added: %s", session_id);
+ 
+         load_new_session (manager, session_id);
+ }
+ 
+diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c
+index e21c9db..bc8b7f8 100644
+--- a/src/libaccountsservice/act-user.c
++++ b/src/libaccountsservice/act-user.c
+@@ -705,61 +705,61 @@ act_user_get_location (ActUser *user)
+  *
+  * Returns: (transfer none): a pointer to an array of characters which must not be modified or
+  *  freed, or %NULL.
+  **/
+ 
+ const char *
+ act_user_get_user_name (ActUser *user)
+ {
+         g_return_val_if_fail (ACT_IS_USER (user), NULL);
+ 
+         if (user->accounts_proxy == NULL)
+                 return NULL;
+ 
+         return accounts_user_get_user_name (user->accounts_proxy);
+ }
+ 
+ /**
+  * act_user_get_login_frequency:
+  * @user: a #ActUser
+  *
+  * Returns the number of times @user has logged in.
+  *
+  * Returns: the login frequency
+  */
+ int
+ act_user_get_login_frequency (ActUser *user)
+ {
+         g_return_val_if_fail (ACT_IS_USER (user), 0);
+ 
+         if (user->accounts_proxy == NULL)
+-                return 0;
++                return 1;
+ 
+         return accounts_user_get_login_frequency (user->accounts_proxy);
+ }
+ 
+ /**
+  * act_user_get_login_time:
+  * @user: a #ActUser
+  *
+  * Returns the last login time for @user.
+  *
+  * Returns: (transfer none): the login time
+  */
+ gint64
+ act_user_get_login_time (ActUser *user)
+ {
+         g_return_val_if_fail (ACT_IS_USER (user), 0);
+ 
+         if (user->accounts_proxy == NULL)
+                 return 0;
+ 
+         return accounts_user_get_login_time (user->accounts_proxy);
+ }
+ 
+ /**
+  * act_user_get_login_history:
+  * @user: a #ActUser
+  *
+  * Returns the login history for @user.
+  *
+  * Returns: (transfer none): a pointer to GVariant of type "a(xxa{sv})"
+-- 
+2.14.3
+
diff --git a/SPECS/accountsservice.spec b/SPECS/accountsservice.spec
index a27e700..5e13e8d 100644
--- a/SPECS/accountsservice.spec
+++ b/SPECS/accountsservice.spec
@@ -2,7 +2,7 @@
 
 Name:           accountsservice
 Version:        0.6.45
-Release:        3%{?dist}.1
+Release:        7%{?dist}
 Summary:        D-Bus interfaces for querying and manipulating user account information
 
 Group:          System Environment/Daemons
@@ -42,6 +42,9 @@ Patch11: 0011-lib-simplify-code-dramatically.patch
 Patch12: 0012-lib-don-t-track-user-added-user-removed-until-we-get.patch
 Patch13: 0013-lib-only-track-users-after-act_user_manager_list_use.patch
 Patch14: 0014-lib-fix-crasher-if-accounts-proxy-is-unavailable.patch
+Patch15: 0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch
+Patch16: 0016-daemon-don-t-return-account-expiration-policy-if-not.patch
+Patch17: 0017-lib-don-t-try-to-update-login-frequency-manually.patch
 
 %package libs
 Summary: Client-side library to talk to accountsservice
@@ -124,7 +127,20 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.a
 %{_datadir}/gtk-doc/html/libaccountsservice/*
 
 %changelog
-* Fri Nov 03 2017 Ray Strode <rstrode@redhat.com> - 0.6.45-3.1
+* Wed Feb 14 2018 Ray Strode <rstrode@redhat.com> - 0.6.45-7
+- Fix bug leading to harmless error in log
+  Resolves: #1544640
+
+* Wed Feb 07 2018 Ray Strode <rstrode@redhat.com> - 0.6.45-6
+- Don't return bogus password expiration policy when
+  shadow file is unavailable
+  Resolves: #1530659
+
+* Tue Jan 30 2018 Ray Strode <rstrode@redhat.com> - 0.6.45-5
+- Fix other crasher introduced in -3
+  Resolves: #1532252
+
+* Fri Nov 03 2017 Ray Strode <rstrode@redhat.com> - 0.6.45-4
 - Fix crasher introduced in -3
   Related: #1474579, 1509261