diff --git a/SOURCES/passwd-0.79-incorrect-S-report.patch b/SOURCES/passwd-0.79-incorrect-S-report.patch
new file mode 100644
index 0000000..22c2109
--- /dev/null
+++ b/SOURCES/passwd-0.79-incorrect-S-report.patch
@@ -0,0 +1,48 @@
+diff --git a/libuser.c b/libuser.c
+index 7a36520..06c6200 100644
+--- a/libuser.c
++++ b/libuser.c
+@@ -233,6 +233,7 @@ pwdb_display_status(const char *username)
+ 	struct lu_ent *ent;
+ 	struct lu_error *error = NULL;
+ 	char *current;
++	char *current_user;
+ 	char *realname;
+ 	const char *msg;
+ 	int shadow = 1;
+@@ -256,9 +257,10 @@ pwdb_display_status(const char *username)
+ 			goto bail;
+ 		}
+ 		current = lu_ent_get_first_value_strdup(ent, LU_SHADOWPASSWORD);
++		current_user = lu_ent_get_first_value_strdup(ent, LU_USERPASSWORD);
+ 		if (current == NULL) {
+ 			shadow = 0;
+-			current = lu_ent_get_first_value_strdup(ent, LU_USERPASSWORD);
++			current = current_user;
+ 		} else {
+ 			sp_lstchg = (time_t) ent_value_int64(ent, LU_SHADOWLASTCHANGE);
+ 			sp_min = ent_value_int64(ent, LU_SHADOWMIN);
+@@ -298,6 +300,13 @@ pwdb_display_status(const char *username)
+ 				msg = _("Password set, DES crypt.");
+ 			}
+ 			if (shadow) {
++				if (status[0] != 'N' && current_user && strlen(current_user) == 0) {
++					fprintf(stderr, "%s: %s\n", progname,
++						_("There is a password information set in /etc/shadow,"
++						  " but the password field in /etc/passwd is empty."));
++					msg = _("Empty password.");
++					status = "NP";
++				}
+ 				sp_lstchg = sp_lstchg * 24L * 3600L;
+ 				localtime_r(&sp_lstchg, &tm);
+ 				strftime(date, sizeof(date), "%Y-%m-%d", &tm);
+@@ -307,6 +316,9 @@ pwdb_display_status(const char *username)
+ 				printf("%s %s (%s)\n", realname, status, msg);
+ 			}
+ 			g_free(current);
++			if (shadow && current_user) {
++				g_free(current_user);
++			}
+ 		} else {
+ 			printf(_("No password set.\n"));
+ 		}
diff --git a/SPECS/passwd.spec b/SPECS/passwd.spec
index 03c5ce4..9b24fcb 100644
--- a/SPECS/passwd.spec
+++ b/SPECS/passwd.spec
@@ -7,7 +7,7 @@
 Summary: An utility for setting or changing passwords using PAM
 Name: passwd
 Version: 0.79
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: BSD or GPL+
 Group: System Environment/Base
 URL: https://pagure.io/%{name}
@@ -19,6 +19,9 @@ Patch1: passwd-0.79-no-length-limit-stdin-passwords.patch
 Patch2: passwd-0.79-auditing.patch
 # Backport 02d4478 (rhbz#1145256)
 Patch3: passwd-0.79-document-S-option.patch
+# Fix incorrect -S output when password field in /etc/passwd is empty but the
+# password information in /etc/shadow is present (rhbz#1686436)
+Patch4: passwd-0.79-incorrect-S-report.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: pam >= 1.0.90, /etc/pam.d/system-auth
 %if %{WITH_SELINUX}
@@ -44,6 +47,7 @@ Modules) library.
 %patch1 -p1 -b .length-limit
 %patch2 -p1 -b .auditing
 %patch3 -p1 -b .doc-S-opt
+%patch4 -p1 -b .S-report
 
 %build
 %configure \
@@ -86,6 +90,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/passwd.1*
 
 %changelog
+* Mon Aug 12 2019 Jiri Kucera <jkucera@redhat.com> - 0.79-6
+- Fix incorrect -S output when password field in /etc/passwd is empty but the
+  password information in /etc/shadow is set
+  Resolves: #1686436
+
 * Fri Mar 22 2019 Jiri Kucera <jkucera@redhat.com> - 0.79-5
 - Backport ca46cac (allow passwords longer than 79 characters)
   Backport Steve Grubb's patches