diff --git a/CHANGES b/CHANGES index ce3b1f4de7..fa65dff0a2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,36 @@ +2.2-91 | 2014-01-13 01:33:28 -0800 + + * Improve GeoIP City database support. When trying to open a city + database, it now considers both the "REV0" and "REV1" versions of + the city database instead of just the former. (Jon Siwek) + + * Broxygen init fixes. Addresses BIT-1110. (Jon Siwek) + + - Don't check mtime of bro binary if BRO_DISABLE_BROXYGEN env var set. + + - Fix failure to locate bro binary if invoking from a relative + path and '.' isn't in PATH. + + * Fix for packet writing to make it use the global snap length. + (Seth Hall) + + * Fix for traffic with TCP segmentation offloading with IP header + len field being set to zero. (Seth Hall) + + * Canonify output of a unit test. (Jon Siwek) + + * A set of documentation updates. (Daniel Thayer) + + - Fix typo in Bro 2.2 NEWS on string indexing. + - Fix typo in the Quick Start Guide, and clarified the + instructions about modifying crontab. + - Add/fix documentation for missing/misnamed event parameters. + - Fix typos in BIF documentation of hexstr_to_bytestring. + - Update the documentation of types and attributes. + - Documented the new substring extraction functionality. + - Clarified the description of "&priority" and "void". + 2.2-75 | 2013-12-18 08:36:50 -0800 * Fixing segfault with mismatching set &default in record fields. diff --git a/VERSION b/VERSION index 9ee1a5bf6c..99a02e4a0e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.2-75 +2.2-91 diff --git a/src/PktSrc.cc b/src/PktSrc.cc index 9d6bce6fe9..941c4acd83 100644 --- a/src/PktSrc.cc +++ b/src/PktSrc.cc @@ -661,7 +661,7 @@ PktDumper::PktDumper(const char* arg_filename, bool arg_append) if ( linktype < 0 ) linktype = DLT_EN10MB; - pd = pcap_open_dead(linktype, 8192); + pd = pcap_open_dead(linktype, snaplen); if ( ! pd ) { Error("error for pcap_open_dead"); 
diff --git a/src/Sessions.cc b/src/Sessions.cc index acc306d277..7d497adf77 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -384,6 +384,15 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, const struct ip* ip4 = ip_hdr->IP4_Hdr(); uint32 len = ip_hdr->TotalLen(); + if ( len == 0 ) + { + // TCP segmentation offloading can zero out the ip_len field. + Weird("ip_hdr_len_zero", hdr, pkt, encapsulation); + + // Cope with the zero'd out ip_len field by using the caplen. + len = hdr->caplen - hdr_size; + } + if ( hdr->len < len + hdr_size ) { Weird("truncated_IP", hdr, pkt, encapsulation); diff --git a/src/bro.bif b/src/bro.bif index d789ef9f4e..e772b6eadf 100644 --- a/src/bro.bif +++ b/src/bro.bif 
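Review bot: The fallback `len = hdr->caplen - hdr_size;` in the new `len == 0` branch is an unsigned subtraction, and the hunk shows no check that `caplen` is at least `hdr_size`, so a short capture would wrap `len` to a very large value. The `hdr->len < len + hdr_size` test that follows adds `hdr_size` back and therefore cannot catch the wrap. Unless a caller already guarantees the bound (DoNextPacket starts and ends outside the hunk), guard it before subtracting, e.g. `if ( hdr->caplen < hdr_size ) { Weird("truncated_IP", hdr, pkt, encapsulation); return; }`. The comment should also say that a zero ip_len does not prove offloading: any sender can set it, and every captured byte after the link header, padding included, is then treated as IP data, which may differ from what the receiving host accepts. The `ip_hdr_len_zero` weird is the signal to monitor for that case.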
@@ -3443,9 +3443,59 @@ static GeoIP* open_geoip_db(GeoIPDBTypes type) if ( GeoIP_db_avail(type) ) geoip = GeoIP_open_type(type, GEOIP_MEMORY_CACHE); + return geoip; + } + +static GeoIP* open_geoip_city_db() + { + GeoIP* geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0); + if ( ! geoip ) - reporter->Info("Failed to open GeoIP database: %s", - GeoIPDBFileName[type]); + geoip = open_geoip_db(GEOIP_CITY_EDITION_REV1); + + if ( ! geoip ) + { + string rev0_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV0]; + string rev1_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV1]; + string db_path = rev0_path; + + // Maybe in the future the revisions won't share a common default path. + if ( rev0_path != rev1_path ) + db_path = rev0_path + " or " + rev1_path; + + reporter->Info("Failed to open GeoIP City database: %s", + db_path.c_str()); + } + + return geoip; + } + +static GeoIP* open_geoip_city_db_v6() + { + GeoIP* geoip = 0; + + // Both city edition revisions for IPv6 show up in libGeoIP 1.4.7. +#ifdef HAVE_GEOIP_CITY_EDITION_REV0_V6 + geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0_V6); + + if ( ! geoip ) + geoip = open_geoip_db(GEOIP_CITY_EDITION_REV1_V6); + + if ( ! geoip ) + { + string rev0_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV0_V6]; + string rev1_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV1_V6]; + string db_path = rev0_path; + + // Maybe in the future the revisions won't share a common default path. + if ( rev0_path != rev1_path ) + db_path = rev0_path + " or " + rev1_path; + + reporter->Info("Failed to open GeoIP Cityv6 database: %s", + db_path.c_str()); + } +#endif + return geoip; } 
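Review bot: `string rev0_path = GeoIPDBFileName[GEOIP_CITY_EDITION_REV0];` and the three sibling initialisations in `open_geoip_city_db()` and `open_geoip_city_db_v6()` construct a std::string directly from a C array entry, which is undefined behaviour if that entry is a null pointer. The removed code only passed the pointer to a `%s` format. Whether libGeoIP guarantees non-null entries for these editions is not visible here, so a null-tolerant form is safer, e.g. `const char* p0 = GeoIPDBFileName[GEOIP_CITY_EDITION_REV0]; string rev0_path = p0 ? p0 : "<unknown>";`. The same pattern appears in the lookup_location hunk (`string db_path = GeoIPDBFileName[GEOIP_COUNTRY_EDITION];`). The two new functions also differ only in the edition constants and the label in the message, so one static helper taking both edition types and a name would remove the duplication.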
@@ -3476,31 +3526,41 @@ function lookup_location%(a: addr%) : geo_location if ( ! geoip_initialized ) { geoip_initialized = true; - geoip = open_geoip_db(GEOIP_CITY_EDITION_REV0); + geoip = open_geoip_city_db(); if ( ! geoip ) { geoip = open_geoip_db(GEOIP_COUNTRY_EDITION); + string db_path = GeoIPDBFileName[GEOIP_COUNTRY_EDITION]; + if ( ! geoip ) - builtin_error("Can't initialize GeoIP City/Country database"); + builtin_error(fmt("Failed fall back to GeoIP Country " + "database: %s", + GeoIPDBFileName[GEOIP_COUNTRY_EDITION])); else reporter->Info("Fell back to GeoIP Country database"); } else have_city_db = true; -#ifdef HAVE_GEOIP_CITY_EDITION_REV0_V6 - geoip_v6 = open_geoip_db(GEOIP_CITY_EDITION_REV0_V6); + geoip_v6 = open_geoip_city_db_v6(); + if ( geoip_v6 ) have_cityv6_db = true; -#endif #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6 if ( ! geoip_v6 ) + { geoip_v6 = open_geoip_db(GEOIP_COUNTRY_EDITION_V6); + + if ( ! geoip_v6 ) + reporter->Info("Failed to open GeoIPv6 Country database: %s", + GeoIPDBFileName[GEOIP_COUNTRY_EDITION_V6]); + } #endif + if ( ! geoip_v6 ) - builtin_error("Can't initialize GeoIPv6 City/Country database"); + builtin_error("Can't open GeoIPv6 City/Country database"); } #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6 @@ -3592,8 +3652,10 @@ function lookup_asn%(a: addr%) : count { geoip_asn_initialized = true; geoip_asn = open_geoip_db(GEOIP_ASNUM_EDITION); + if ( ! geoip_asn ) - builtin_error("Can't initialize GeoIP ASNUM database"); + builtin_error(fmt("Can't open GeoIP ASNUM database: %s", + GeoIPDBFileName[GEOIP_ASNUM_EDITION])); } if ( geoip_asn ) diff --git a/src/broxygen/Manager.cc b/src/broxygen/Manager.cc index 405a1019f9..51985a1e5c 100644 --- a/src/broxygen/Manager.cc +++ b/src/broxygen/Manager.cc 
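Review bot: In lookup_location the new local `string db_path = GeoIPDBFileName[GEOIP_COUNTRY_EDITION];` is never read, because the `builtin_error` below indexes `GeoIPDBFileName` again; drop it or use it. The message also reads "Failed fall back", missing "to". Suggested, with the `db_path` line removed: `builtin_error(fmt("Failed to fall back to GeoIP Country database: %s", GeoIPDBFileName[GEOIP_COUNTRY_EDITION]));`. In the v6 path, when the country database also fails to open, both the new `reporter->Info` and the final `builtin_error` fire for the same condition, which is likely one message more than intended. The function starts and ends outside the hunk.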
@@ -35,8 +35,12 @@ Manager::Manager(const string& arg_config, const string& bro_command) if ( getenv("BRO_DISABLE_BROXYGEN") ) disabled = true; - const char* path = getenv("PATH"); - string path_to_bro = path ? find_file(bro_command, path): ""; + if ( disabled ) + return; + + const char* env_path = getenv("PATH"); + string path = env_path ? string(env_path) + ":." : "."; + string path_to_bro = find_file(bro_command, path); struct stat s; if ( path_to_bro.empty() || stat(path_to_bro.c_str(), &s) < 0 )
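Review bot: Appending `.` to the end of the search list means a `bro_command` given as a relative path is tried against the working directory only after every PATH entry. Depending on how `find_file` joins directory and name (not shown here), an installed binary matching the same relative name could be found first, and the `stat()` below would then inspect the wrong file. When the command contains a slash it is more reliable to use it as given, as a shell does: `string path_to_bro = bro_command.find('/') != string::npos ? bro_command : find_file(bro_command, path);`. A short comment that `.` is added only to locate the binary for the `stat()` call, and that the result is not meant to be executed, would make the intent clear. The constructor body continues outside the hunk.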