diff --git a/cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch b/cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
new file mode 100644
index 0000000..b7e42b2
--- /dev/null
+++ b/cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
@@ -0,0 +1,30 @@
+From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos <cgarcia@igalia.com>
+Date: Mon, 19 Nov 2018 12:33:07 +0100
+Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
+ cairo_ft_apply_variations
+
+Fixes a crash when using freetype >= 2.9
+---
+ src/cairo-ft-font.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 325dd61b4..981973f78 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2393,7 +2393,11 @@ skip:
+ done:
+         free (coords);
+         free (current_coords);
++#if HAVE_FT_DONE_MM_VAR
++        FT_Done_MM_Var (face->glyph->library, ft_mm_var);
++#else
+         free (ft_mm_var);
++#endif
+     }
+ }
+ 
+-- 
+2.19.2
+
diff --git a/cairo-composite_color_glyphs.patch b/cairo-composite_color_glyphs.patch
new file mode 100644
index 0000000..0d8ca47
--- /dev/null
+++ b/cairo-composite_color_glyphs.patch
@@ -0,0 +1,57 @@
+From 79ad01724161502e8d9d2bd384ff1f0174e5df6e Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Thu, 30 May 2019 07:30:55 -0400
+Subject: [PATCH] Fix a thinko in composite_color_glyphs
+
+We can't just move around the contents of the
+passed-in string, we need to make a copy. This
+was showing up as memory corruption in pango.
+
+See https://gitlab.gnome.org/GNOME/pango/issues/346
+---
+ src/cairo-surface.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/cairo-surface.c b/src/cairo-surface.c
+index c30f84087..e112b660a 100644
+--- a/src/cairo-surface.c
++++ b/src/cairo-surface.c
+@@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
+ 				 const cairo_clip_t		*clip)
+ {
+     cairo_int_status_t status;
++    char *utf8_copy = NULL;
+ 
+     TRACE ((stderr, "%s\n", __FUNCTION__));
+     if (unlikely (surface->status))
+@@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
+     status = CAIRO_INT_STATUS_UNSUPPORTED;
+ 
+     if (_cairo_scaled_font_has_color_glyphs (scaled_font)) {
++        utf8_copy = malloc (sizeof (char) * utf8_len);
++        memcpy (utf8_copy, utf8, sizeof (char) * utf8_len);
++        utf8 = utf8_copy;
++
+         status = composite_color_glyphs (surface, op,
+                                          source,
+                                          (char *)utf8, &utf8_len,
+@@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
+         if (num_glyphs == 0)
+             goto DONE;
+     }
++    else
++      utf8_copy = NULL;
+ 
+     /* The logic here is duplicated in _cairo_analysis_surface show_glyphs and
+      * show_text_glyphs.  Keep in synch. */
+@@ -2918,6 +2925,9 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
+ 	surface->serial++;
+     }
+ 
++    if (utf8_copy)
++        free (utf8_copy);
++
+     return _cairo_surface_set_error (surface, status);
+ }
+
+ 
diff --git a/cairo.changes b/cairo.changes
index 0afbd5b..257262f 100644
--- a/cairo.changes
+++ b/cairo.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Sep  4 09:59:21 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Add 2 upstream bug fix patches:
+  + cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch:
+    ft: Use FT_Done_MM_Var instead of free when available in
+    cairo_ft_apply_variations. Fixes a crash when using freetype
+    >= 2.9
+  + cairo-composite_color_glyphs.patch: Fix a thinko in
+    composite_color_glyphs. We can't just move around the contents
+    of the passed-in string, we need to make a copy. This was
+    showing up as memory corruption in pango.
+
 -------------------------------------------------------------------
 Sun Oct 21 08:48:44 UTC 2018 - bjorn.lie@gmail.com
 
diff --git a/cairo.spec b/cairo.spec
index 2e0c8ad..1eb0d6a 100644
--- a/cairo.spec
+++ b/cairo.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package cairo
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,10 @@ Source99:       baselibs.conf
 Patch0:         cairo-xlib-endianness.patch
 # PATCH-FIX-UPSTREAM cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff alarrosa@suse.com -- Fix segfault in get_bitmap_surface
 Patch1:         cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
+# PATCH-FIX-UPSTREAM cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch -- ft: Use FT_Done_MM_Var instead of free when available in cairo_ft_apply_variations
+Patch2:         cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
+# PATCH-FIX-UPSTREAM cairo-composite_color_glyphs.patch -- Fix a thinko in composite_color_glyphs
+Patch3:         cairo-composite_color_glyphs.patch
 
 BuildRequires:  gtk-doc
 BuildRequires:  pkgconfig
@@ -138,9 +142,7 @@ This package contains all files necessary to build binaries using
 cairo.
 
 %prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
+%autosetup -p1
 
 %build
 %configure \