diff --git a/changes/bug3898a b/changes/bug3898a
new file mode 100644
index 000000000..d40445e34
--- /dev/null
+++ b/changes/bug3898a
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+    - Correct the man page to explain that HashedControlPassword and
+      CookieAuthentication can both be set, in which case either method
+      is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha,
+      when we decided to allow these config options to both be set. Issue
+      raised by bug 3898.
diff --git a/changes/bug3923 b/changes/bug3923
new file mode 100644
index 000000000..9c0e13882
--- /dev/null
+++ b/changes/bug3923
@@ -0,0 +1,5 @@
+  o Major bugfies:
+    - Avoid an assertion failure when reloading a configuration with
+      TrackExitHosts changes.  Found and fixed by 'laruldan'. Fixes
+      bug 3923; bugfix on 0.2.2.25-alpha.
+
diff --git a/changes/msvc_lround b/changes/msvc_lround
new file mode 100644
index 000000000..e4aea9535
--- /dev/null
+++ b/changes/msvc_lround
@@ -0,0 +1,4 @@
+  o Build fixes:
+    - Provide a substitute implementation of lround() for MSVC, which
+      apparently lacks it.  Patch from Gisle Vanem.
+      
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 8f80c9fde..823a6f533 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -148,10 +148,11 @@ Other options can be specified either on the command-line (--option
 **ControlPort** __PORT__|**auto**::
     If set, Tor will accept connections on this port and allow those
     connections to control the Tor process using the Tor Control Protocol
-    (described in control-spec.txt). Note: unless you also specify one of
-    **HashedControlPassword** or **CookieAuthentication**, setting this
-    option will
-    cause Tor to allow any process on the local host to control it. This
+    (described in control-spec.txt). Note: unless you also specify one or
+    more of **HashedControlPassword** or **CookieAuthentication**,
+    setting this option will cause Tor to allow any process on the local
+    host to control it. (Setting both authentication methods means either
+    method is sufficient to authenticate to Tor.) This
     option is required for many Tor controllers; most use the value of 9051.
     Set it to "auto" to have Tor pick a port for you. (Default: 0).
 
@@ -173,15 +174,15 @@ Other options can be specified either on the command-line (--option
     the control socket readable and writable by the default GID. (Default: 0)
 
 **HashedControlPassword** __hashed_password__::
-    Don't allow any connections on the control port except when the other
-    process knows the password whose one-way hash is __hashed_password__. You
+    Allow connections on the control port if they present
+    the password whose one-way hash is __hashed_password__. You
     can compute the hash of a password by running "tor --hash-password
     __password__". You can provide several acceptable passwords by using more
     than one HashedControlPassword line.
 
 **CookieAuthentication** **0**|**1**::
-    If this option is set to 1, don't allow any connections on the control port
-    except when the connecting process knows the contents of a file named
+    If this option is set to 1, allow connections on the control port
+    when the connecting process knows the contents of a file named
     "control_auth_cookie", which Tor will create in its data directory. This
     authentication method should only be used on systems with good filesystem
     security. (Default: 0)
@@ -1339,7 +1340,7 @@ The following options are used to configure a hidden service.
 **HiddenServiceDir** __DIRECTORY__::
     Store data files for a hidden service in DIRECTORY. Every hidden service
     must have a separate directory. You may use this option  multiple times to
-    specify multiple services.
+    specify multiple services. DIRECTORY must be an existing directory.
 
 **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
     Configure a virtual port VIRTPORT for a hidden service. You may use this
diff --git a/src/common/util.c b/src/common/util.c
index b47b9c5fa..ee0acbbb0 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -334,7 +334,11 @@ tor_mathlog(double d)
 long
 tor_lround(double d)
 {
+#ifdef _MSC_VER
+  return (long)(d > 0 ? d + 0.5 : ceil(d - 0.5));
+#else
   return lround(d);
+#endif
 }
 
 /** Returns floor(log2(u64)).  If u64 is 0, (incorrectly) returns 0. */
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index d4d7e1c73..8609b023d 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -842,12 +842,10 @@ addressmap_clear_excluded_trackexithosts(or_options_t *options)
     if (len < 6)
       continue; /* malformed. */
     dot = target + len - 6; /* dot now points to just before .exit */
-    dot = strrchr(dot, '.'); /* dot now points to the . before .exit or NULL */
-    if (!dot) {
-      nodename = tor_strndup(target, len-5);
-    } else {
-      nodename = tor_strndup(dot+1, strlen(dot+1)-5);
-    }
+    while(dot > target && *dot != '.')
+	dot--;
+    if (*dot == '.') dot++;
+    nodename = tor_strndup(dot, len-5-(dot-target));;
     ri = router_get_by_nickname(nodename, 0);
     tor_free(nodename);
     if (!ri ||