diff -Nru gjs-1.52.1/debian/changelog gjs-1.52.1/debian/changelog
--- gjs-1.52.1/debian/changelog	2018-04-12 16:12:07.000000000 +0800
+++ gjs-1.52.1/debian/changelog	2018-04-16 14:30:31.000000000 +0800
@@ -1,3 +1,14 @@
+gjs (1.52.1-1ubuntu1) bionic; urgency=medium
+
+  * Add fix-crashes-lp1763878-revert-575f1e2e077.patch to fix shutdown
+    crashes (LP: #1763878)
+  * Add some patches to solve large memory leaks (LP: #1672297)
+    - fix-leaks-lp1672297-1-context-Add-API-to-force-GC-schedule.patch
+    - fix-leaks-lp1672297-2-object-Queue-a-forced-GC-when-toggling-down.patch
+    - Note: More such patches are under review so this list may grow in future.
+
+ -- Daniel van Vugt <daniel.van.vugt@canonical.com>  Mon, 16 Apr 2018 14:30:31 +0800
+
 gjs (1.52.1-1) unstable; urgency=medium
 
   * New upstream release 
diff -Nru gjs-1.52.1/debian/patches/fix-crashes-lp1763878-revert-575f1e2e077.patch gjs-1.52.1/debian/patches/fix-crashes-lp1763878-revert-575f1e2e077.patch
--- gjs-1.52.1/debian/patches/fix-crashes-lp1763878-revert-575f1e2e077.patch	1970-01-01 08:00:00.000000000 +0800
+++ gjs-1.52.1/debian/patches/fix-crashes-lp1763878-revert-575f1e2e077.patch	2018-04-16 14:30:31.000000000 +0800
@@ -0,0 +1,69 @@
+From 8510bede1dd1f8a5fb95a2f594b4d3a68289e5ea Mon Sep 17 00:00:00 2001
+From: Philip Chimento <philip.chimento@gmail.com>
+Date: Sat, 14 Apr 2018 16:25:58 -0700
+Subject: [PATCH] Revert "engine: Free Cairo static data on shutdown"
+
+This reverts commit 575f1e2e077af04a112b9e5eaabaf008b086568e.
+Per https://bugs.freedesktop.org/show_bug.cgi?id=105466, calling
+cairo_debug_reset_static_data() was supposed to be safe in production,
+but actually it fails assertions on program exit, with certain Cairo
+versions, including 1.14.12.
+
+Unreviewed.
+---
+ gjs/engine.cpp | 18 ++----------------
+ 1 file changed, 2 insertions(+), 16 deletions(-)
+
+diff --git a/gjs/engine.cpp b/gjs/engine.cpp
+index 90fa57c..67911ee 100644
+--- a/gjs/engine.cpp
++++ b/gjs/engine.cpp
+@@ -37,10 +37,6 @@
+ #include <windows.h>
+ #endif
+ 
+-#ifdef ENABLE_CAIRO
+-# include <cairo.h>
+-#endif
+-
+ /* Implementations of locale-specific operations; these are used
+  * in the implementation of String.localeCompare(), Date.toLocaleDateString(),
+  * and so forth. We take the straight-forward approach of converting
+@@ -218,16 +214,6 @@ on_promise_unhandled_rejection(JSContext                    *cx,
+                                                       std::move(stack));
+ }
+ 
+-static void
+-shutdown(void)
+-{
+-    JS_ShutDown();
+-
+-#ifdef ENABLE_CAIRO
+-    cairo_debug_reset_static_data();  /* for valgrind reports */
+-#endif
+-}
+-
+ #ifdef G_OS_WIN32
+ HMODULE gjs_dll;
+ static bool gjs_is_inited = false;
+@@ -245,7 +231,7 @@ LPVOID    lpvReserved)
+     break;
+ 
+   case DLL_THREAD_DETACH:
+-    shutdown();
++    JS_ShutDown ();
+     break;
+ 
+   default:
+@@ -265,7 +251,7 @@ public:
+     }
+ 
+     ~GjsInit() {
+-        shutdown();
++        JS_ShutDown();
+     }
+ 
+     operator bool() {
+-- 
+2.17.0
+
diff -Nru gjs-1.52.1/debian/patches/fix-leaks-lp1672297-1-context-Add-API-to-force-GC-schedule.patch gjs-1.52.1/debian/patches/fix-leaks-lp1672297-1-context-Add-API-to-force-GC-schedule.patch
--- gjs-1.52.1/debian/patches/fix-leaks-lp1672297-1-context-Add-API-to-force-GC-schedule.patch	1970-01-01 08:00:00.000000000 +0800
+++ gjs-1.52.1/debian/patches/fix-leaks-lp1672297-1-context-Add-API-to-force-GC-schedule.patch	2018-04-16 14:30:31.000000000 +0800
@@ -0,0 +1,90 @@
+From 33cbbeb11b61a0ffc8ff50e261e5dd33806590f9 Mon Sep 17 00:00:00 2001
+From: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
+Date: Fri, 30 Mar 2018 21:37:37 -0300
+Subject: [PATCH 1/2] context: Add API to force GC schedule
+
+There are situations where we cannot run the
+GC right away, but we also cannot ignore the
+need of running it.
+
+For those cases, add a new private function
+that forces GC to happen on idle.
+---
+ gjs/context-private.h |  2 ++
+ gjs/context.cpp       | 29 +++++++++++++++++++++++++----
+ 2 files changed, 27 insertions(+), 4 deletions(-)
+
+diff --git a/gjs/context-private.h b/gjs/context-private.h
+index 6dbe669..c45c8d0 100644
+--- a/gjs/context-private.h
++++ b/gjs/context-private.h
+@@ -36,6 +36,8 @@ bool         _gjs_context_destroying                  (GjsContext *js_context);
+ 
+ void         _gjs_context_schedule_gc_if_needed       (GjsContext *js_context);
+ 
++void _gjs_context_schedule_gc (GjsContext *js_context);
++
+ void _gjs_context_exit(GjsContext *js_context,
+                        uint8_t     exit_code);
+ 
+diff --git a/gjs/context.cpp b/gjs/context.cpp
+index c509943..77d7eaa 100644
+--- a/gjs/context.cpp
++++ b/gjs/context.cpp
+@@ -90,6 +90,7 @@ struct _GjsContext {
+     uint8_t exit_code;
+ 
+     guint    auto_gc_id;
++    bool     force_gc;
+ 
+     std::array<JS::PersistentRootedId*, GJS_STRING_LAST> const_strings;
+ 
+@@ -592,21 +593,41 @@ trigger_gc_if_needed (gpointer user_data)
+ {
+     GjsContext *js_context = GJS_CONTEXT(user_data);
+     js_context->auto_gc_id = 0;
+-    gjs_gc_if_needed(js_context->context);
++
++    if (js_context->force_gc)
++        JS_GC(js_context->context);
++    else
++        gjs_gc_if_needed(js_context->context);
++
+     return G_SOURCE_REMOVE;
+ }
+ 
+-void
+-_gjs_context_schedule_gc_if_needed (GjsContext *js_context)
++
++static void
++_gjs_context_schedule_gc_internal (GjsContext *js_context,
++                                   bool        force_gc)
+ {
+     if (js_context->auto_gc_id > 0)
+-        return;
++        g_source_remove(js_context->auto_gc_id);
+ 
++    js_context->force_gc = force_gc;
+     js_context->auto_gc_id = g_idle_add_full(G_PRIORITY_LOW,
+                                              trigger_gc_if_needed,
+                                              js_context, NULL);
+ }
+ 
++void
++_gjs_context_schedule_gc (GjsContext *js_context)
++{
++    _gjs_context_schedule_gc_internal(js_context, true);
++}
++
++void
++_gjs_context_schedule_gc_if_needed (GjsContext *js_context)
++{
++    _gjs_context_schedule_gc_internal(js_context, false);
++}
++
+ void
+ _gjs_context_exit(GjsContext *js_context,
+                   uint8_t     exit_code)
+-- 
+2.17.0
+
diff -Nru gjs-1.52.1/debian/patches/fix-leaks-lp1672297-2-object-Queue-a-forced-GC-when-toggling-down.patch gjs-1.52.1/debian/patches/fix-leaks-lp1672297-2-object-Queue-a-forced-GC-when-toggling-down.patch
--- gjs-1.52.1/debian/patches/fix-leaks-lp1672297-2-object-Queue-a-forced-GC-when-toggling-down.patch	1970-01-01 08:00:00.000000000 +0800
+++ gjs-1.52.1/debian/patches/fix-leaks-lp1672297-2-object-Queue-a-forced-GC-when-toggling-down.patch	2018-04-16 14:30:31.000000000 +0800
@@ -0,0 +1,123 @@
+From 3f94b11a943c0e4d29c96930ced238580dc18fc7 Mon Sep 17 00:00:00 2001
+From: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
+Date: Wed, 28 Mar 2018 19:21:52 -0300
+Subject: [PATCH 2/2] object: Queue a forced GC when toggling down
+
+During a GC, the collector asks each object which other
+objects that it wants to hold on to so if there's an entire
+section of the heap graph that's not connected to anything
+else, and not reachable from the root set, then it can be
+trashed all at once.
+
+GObjects, however, don't work like that, there's only a
+reference count but no notion of who owns the reference so,
+a JS object that's proxying a GObject is unconditionally held
+alive as long as the GObject has >1 references.
+
+Since we cannot know how many more wrapped GObjects are going
+be marked for garbage collection after the owner is destroyed,
+always queue a garbage collection when a toggle reference goes
+down.
+
+Issue: #140
+---
+ gi/object.cpp         | 22 ++++++++++++++++++++++
+ gjs/context-private.h |  2 +-
+ gjs/context.cpp       | 14 ++++++++------
+ 3 files changed, 31 insertions(+), 7 deletions(-)
+
+diff --git a/gi/object.cpp b/gi/object.cpp
+index b20d8b9..f9cf3cc 100644
+--- a/gi/object.cpp
++++ b/gi/object.cpp
+@@ -987,8 +987,30 @@ handle_toggle_down(GObject *gobj)
+      * collected by the GC
+      */
+     if (priv->keep_alive.rooted()) {
++        GjsContext *context;
++
+         gjs_debug_lifecycle(GJS_DEBUG_GOBJECT, "Unrooting object");
+         priv->keep_alive.switch_to_unrooted();
++
++        /* During a GC, the collector asks each object which other
++         * objects that it wants to hold on to so if there's an entire
++         * section of the heap graph that's not connected to anything
++         * else, and not reachable from the root set, then it can be
++         * trashed all at once.
++         *
++         * GObjects, however, don't work like that, there's only a
++         * reference count but no notion of who owns the reference so,
++         * a JS object that's proxying a GObject is unconditionally held
++         * alive as long as the GObject has >1 references.
++         *
++         * Since we cannot know how many more wrapped GObjects are going
++         * be marked for garbage collection after the owner is destroyed,
++         * always queue a garbage collection when a toggle reference goes
++         * down.
++         */
++        context = gjs_context_get_current();
++        if (!_gjs_context_destroying(context))
++            _gjs_context_schedule_gc(context);
+     }
+ }
+ 
+diff --git a/gjs/context-private.h b/gjs/context-private.h
+index c45c8d0..49c0cf9 100644
+--- a/gjs/context-private.h
++++ b/gjs/context-private.h
+@@ -36,7 +36,7 @@ bool         _gjs_context_destroying                  (GjsContext *js_context);
+ 
+ void         _gjs_context_schedule_gc_if_needed       (GjsContext *js_context);
+ 
+-void _gjs_context_schedule_gc (GjsContext *js_context);
++void _gjs_context_schedule_gc(GjsContext *js_context);
+ 
+ void _gjs_context_exit(GjsContext *js_context,
+                        uint8_t     exit_code);
+diff --git a/gjs/context.cpp b/gjs/context.cpp
+index 77d7eaa..a2ce34a 100644
+--- a/gjs/context.cpp
++++ b/gjs/context.cpp
+@@ -599,31 +599,33 @@ trigger_gc_if_needed (gpointer user_data)
+     else
+         gjs_gc_if_needed(js_context->context);
+ 
++    js_context->force_gc = false;
++
+     return G_SOURCE_REMOVE;
+ }
+ 
+ 
+ static void
+-_gjs_context_schedule_gc_internal (GjsContext *js_context,
+-                                   bool        force_gc)
++_gjs_context_schedule_gc_internal(GjsContext *js_context,
++                                  bool        force_gc)
+ {
+     if (js_context->auto_gc_id > 0)
+-        g_source_remove(js_context->auto_gc_id);
++        return;
+ 
+-    js_context->force_gc = force_gc;
++    js_context->force_gc |= force_gc;
+     js_context->auto_gc_id = g_idle_add_full(G_PRIORITY_LOW,
+                                              trigger_gc_if_needed,
+                                              js_context, NULL);
+ }
+ 
+ void
+-_gjs_context_schedule_gc (GjsContext *js_context)
++_gjs_context_schedule_gc(GjsContext *js_context)
+ {
+     _gjs_context_schedule_gc_internal(js_context, true);
+ }
+ 
+ void
+-_gjs_context_schedule_gc_if_needed (GjsContext *js_context)
++_gjs_context_schedule_gc_if_needed(GjsContext *js_context)
+ {
+     _gjs_context_schedule_gc_internal(js_context, false);
+ }
+-- 
+2.17.0
+
diff -Nru gjs-1.52.1/debian/patches/series gjs-1.52.1/debian/patches/series
--- gjs-1.52.1/debian/patches/series	2018-04-10 16:15:49.000000000 +0800
+++ gjs-1.52.1/debian/patches/series	2018-04-16 14:30:31.000000000 +0800
@@ -0,0 +1,6 @@
+# Cherry picked from gjs master:
+fix-crashes-lp1763878-revert-575f1e2e077.patch
+
+# Critical leak fixes (not yet landed in gjs master):
+fix-leaks-lp1672297-1-context-Add-API-to-force-GC-schedule.patch
+fix-leaks-lp1672297-2-object-Queue-a-forced-GC-when-toggling-down.patch