diff --git a/NEWS b/NEWS
index 53ff4c7fb0c2f..d05761ae27512 100644
--- a/NEWS
+++ b/NEWS
@@ -20,11 +20,15 @@ PHP                                                                        NEWS
   (Christian Seiler)
 - Fixed bug #46215 (json_encode mutates its parameter and has some 
   class-specific state). (Felipe)
+- Fixed bug #46206 (pg_query_params/pg_execute convert passed values to
+  strings). (Ilia)
 - Fixed bug #46191 (BC break: DOMDocument saveXML() doesn't accept null). (Rob)
 - Fixed bug #46164 (stream_filter_remove() closes the stream). (Arnaud)
 - Fixed bug #46157 (PDOStatement::fetchObject prototype error). (Felipe)
 - Fixed bug #46147 (after stream seek, appending stream filter reads 
   incorrect data). (Greg)
+- Fixed bug #46110 (XMLWriter - openmemory() and openuri() leak memory on
+  multiple calls). (Ilia)
 - Fixed bug #46088 (RegexIterator::accept - segfault). (Felipe)
 - Fixed bug #46059 (Compile failure under IRIX 6.5.30 building posix.c). 
   (Arnaud)
@@ -77,6 +81,7 @@ PHP                                                                        NEWS
 - Fixed bug #45405 (snmp extension memory leak). (Federico Cuello, Rodrigo
   Campos)
 - Fixed bug #45392 (ob_start()/ob_end_clean() and memory_limit). (Arnaud)
+- Fixed bug #45382 (timeout bug in stream_socket_enable_crypto). (Ilia)
 - Fixed bug #45373 (php crash on query with errors in params). (Felipe)
 - Fixed bug #45352 (Segmentation fault because of tick function on second
   request). (Dmitry)
diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
index e0d6e3c475782..557856cbc0c79 100644
--- a/ext/openssl/xp_ssl.c
+++ b/ext/openssl/xp_ssl.c
@@ -417,7 +417,7 @@ static inline int php_openssl_enable_crypto(php_stream *stream,
 				n = SSL_connect(sslsock->ssl_handle);
 				gettimeofday(&tve, &tz);
 
-				timeout -= (tve.tv_sec + tve.tv_usec / 1000000) - (tvs.tv_sec + tvs.tv_usec / 1000000);
+				timeout -= (tve.tv_sec + (float) tve.tv_usec / 1000000) - (tvs.tv_sec + (float) tvs.tv_usec / 1000000);
 				if (timeout < 0) {
 					php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL: connection timeout");
 					return -1;
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 8f4b0e6531dcd..948dcc9634f89 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -1199,6 +1199,10 @@ PHP_FUNCTION(pg_query)
 static void _php_pgsql_free_params(char **params, int num_params)
 {
 	if (num_params > 0) {
+		int i;
+		for (i = 0; i < num_params; i++) {
+			efree(params[i]);
+		}
 		efree(params);
 	}
 }
@@ -1216,7 +1220,6 @@ PHP_FUNCTION(pg_query_params)
 	int leftover = 0;
 	int num_params = 0;
 	char **params = NULL;
-	unsigned char otype;
 	PGconn *pgsql;
 	PGresult *pgsql_result;
 	ExecStatusType status;
@@ -1276,19 +1279,20 @@ PHP_FUNCTION(pg_query_params)
 				RETURN_FALSE;
 			}
 
-			otype = (*tmp)->type;
-			convert_to_string_ex(tmp);
-			if (Z_TYPE_PP(tmp) != IS_STRING) {
-				php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
-				_php_pgsql_free_params(params, num_params);
-				RETURN_FALSE;
-			}
-
-			if (otype == IS_NULL) {
+			if (Z_TYPE_PP(tmp) == IS_NULL) {
 				params[i] = NULL;
-			}
-			else {
-				params[i] = Z_STRVAL_PP(tmp);
+			} else {
+				zval tmp_val = **tmp;
+				zval_copy_ctor(&tmp_val);
+				convert_to_string(&tmp_val);
+				if (Z_TYPE(tmp_val) != IS_STRING) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
+					zval_dtor(&tmp_val);
+					_php_pgsql_free_params(params, num_params);
+					RETURN_FALSE;
+				}
+				params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
+				zval_dtor(&tmp_val);
 			}
 
 			zend_hash_move_forward(Z_ARRVAL_PP(pv_param_arr));
@@ -1439,7 +1443,6 @@ PHP_FUNCTION(pg_execute)
 	int leftover = 0;
 	int num_params = 0;
 	char **params = NULL;
-	unsigned char otype;
 	PGconn *pgsql;
 	PGresult *pgsql_result;
 	ExecStatusType status;
@@ -1500,19 +1503,20 @@ PHP_FUNCTION(pg_execute)
 				RETURN_FALSE;
 			}
 
-			otype = (*tmp)->type;
-			SEPARATE_ZVAL(tmp);
-			convert_to_string_ex(tmp);
-			if (Z_TYPE_PP(tmp) != IS_STRING) {
-				php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
-				_php_pgsql_free_params(params, num_params);
-				RETURN_FALSE;
-			}
-
-			if (otype == IS_NULL) {
+			if (Z_TYPE_PP(tmp) == IS_NULL) {
 				params[i] = NULL;
 			} else {
-				params[i] = Z_STRVAL_PP(tmp);
+				zval tmp_val = **tmp;
+				zval_copy_ctor(&tmp_val);
+				convert_to_string(&tmp_val);
+				if (Z_TYPE(tmp_val) != IS_STRING) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
+					zval_dtor(&tmp_val);
+					_php_pgsql_free_params(params, num_params);
+					RETURN_FALSE;
+				}
+				params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
+				zval_dtor(&tmp_val);
 			}
 
 			zend_hash_move_forward(Z_ARRVAL_PP(pv_param_arr));
@@ -4048,7 +4052,6 @@ PHP_FUNCTION(pg_send_query_params)
 	zval **pv_param_arr, **tmp;
 	int num_params = 0;
 	char **params = NULL;
-	unsigned char otype;
 	zval **query;
 	int id = -1;
 	PGconn *pgsql;
@@ -4097,20 +4100,20 @@ PHP_FUNCTION(pg_send_query_params)
 				RETURN_FALSE;
 			}
 
-			otype = (*tmp)->type;
-			SEPARATE_ZVAL(tmp);
-			convert_to_string_ex(tmp);
-			if (Z_TYPE_PP(tmp) != IS_STRING) {
-				php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
-				_php_pgsql_free_params(params, num_params);
-				RETURN_FALSE;
-			}
-
-			if (otype == IS_NULL) {
+			if (Z_TYPE_PP(tmp) == IS_NULL) {
 				params[i] = NULL;
-			}
-			else {
-				params[i] = Z_STRVAL_PP(tmp);
+			} else {
+				zval tmp_val = **tmp;
+				zval_copy_ctor(&tmp_val);
+				convert_to_string(&tmp_val);
+				if (Z_TYPE(tmp_val) != IS_STRING) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
+					zval_dtor(&tmp_val);
+					_php_pgsql_free_params(params, num_params);
+					RETURN_FALSE;
+				}
+				params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
+				zval_dtor(&tmp_val);
 			}
 
 			zend_hash_move_forward(Z_ARRVAL_PP(pv_param_arr));
@@ -4194,7 +4197,6 @@ PHP_FUNCTION(pg_send_execute)
 	zval **pv_param_arr, **tmp;
 	int num_params = 0;
 	char **params = NULL;
-	unsigned char otype;
 	zval **stmtname;
 	int id = -1;
 	PGconn *pgsql;
@@ -4241,19 +4243,20 @@ PHP_FUNCTION(pg_send_execute)
 				RETURN_FALSE;
 			}
 
-			otype = (*tmp)->type;
-			convert_to_string(*tmp);
-			if (Z_TYPE_PP(tmp) != IS_STRING) {
-				php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
-				_php_pgsql_free_params(params, num_params);
-				RETURN_FALSE;
-			}
-
-			if (otype == IS_NULL) {
+			if (Z_TYPE_PP(tmp) == IS_NULL) {
 				params[i] = NULL;
-			}
-			else {
-				params[i] = Z_STRVAL_PP(tmp);
+			} else {
+				zval tmp_val = **tmp;
+				zval_copy_ctor(&tmp_val);
+				convert_to_string(&tmp_val);
+				if (Z_TYPE(tmp_val) != IS_STRING) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error converting parameter");
+					zval_dtor(&tmp_val);
+					_php_pgsql_free_params(params, num_params);
+					RETURN_FALSE;
+				}
+				params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
+				zval_dtor(&tmp_val);
 			}
 
 			zend_hash_move_forward(Z_ARRVAL_PP(pv_param_arr));
diff --git a/ext/xmlwriter/php_xmlwriter.c b/ext/xmlwriter/php_xmlwriter.c
index 29ec8ce1eb9ab..fbffcaece7860 100644
--- a/ext/xmlwriter/php_xmlwriter.c
+++ b/ext/xmlwriter/php_xmlwriter.c
@@ -1483,6 +1483,9 @@ static PHP_FUNCTION(xmlwriter_open_uri)
 	intern->uri_output = out_buffer;
 #else
 	if (this) {
+		if (ze_obj->xmlwriter_ptr) {
+			xmlwriter_free_resource_ptr(ze_obj->xmlwriter_ptr TSRMLS_CC);
+		}
 		ze_obj->xmlwriter_ptr = intern;
 		RETURN_TRUE;
 	} else
@@ -1533,6 +1536,9 @@ static PHP_FUNCTION(xmlwriter_open_memory)
 	intern->uri_output = NULL;
 #else
 	if (this) {
+		if (ze_obj->xmlwriter_ptr) {
+			xmlwriter_free_resource_ptr(ze_obj->xmlwriter_ptr TSRMLS_CC);
+		}
 		ze_obj->xmlwriter_ptr = intern;
 		RETURN_TRUE;
 	} else