Use a 4n indent for code blocks instead of the default 6n.

docs/cvtsudoers.man.in

@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "CVTSUDOERS" "1" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
+.TH "CVTSUDOERS" "1" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -537,7 +537,7 @@ of my-domain,dc=com, storing the result in
 \fIsudoers.ldif\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e
              /etc/sudoers
 .RE
@@ -549,7 +549,7 @@ to JSON format, storing the result in
 \fIsudoers.json\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ cvtsudoers -f json -o sudoers.json /etc/sudoers
 .RE
 .fi
@@ -562,7 +562,7 @@ on host
 \fIhastur\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers
 .RE
 .fi
@@ -571,7 +571,7 @@ Same as above, but expand aliases and prune out any non-matching
 users and hosts from the expanded entries.
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers
 .RE
 .fi
@@ -583,7 +583,7 @@ from LDIF to traditional
 format:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif
 .RE
 .fi
@@ -596,7 +596,7 @@ and
 \(lqplugh\(rq:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ cvtsudoers -f sudoers -o sudoers.merged sudoers \e
     xyzzy:sudoers.xyzzy plugh:sudoers.plugh
 .RE

docs/cvtsudoers.mdoc.in

@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd January 19, 2022
+.Dd February 10, 2022
 .Dt CVTSUDOERS 1
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -468,7 +468,7 @@ file uses a
 .Em sudoers_base
 of my-domain,dc=com, storing the result in
 .Pa sudoers.ldif :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ cvtsudoers -b ou=SUDOers,dc=my-domain,dc=com -o sudoers.ldif \e
              /etc/sudoers
 .Ed
@@ -477,7 +477,7 @@ Convert
 .Pa /etc/sudoers
 to JSON format, storing the result in
 .Pa sudoers.json :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ cvtsudoers -f json -o sudoers.json /etc/sudoers
 .Ed
 .Pp
@@ -487,13 +487,13 @@ and display only rules that match user
 .Em ambrose
 on host
 .Em hastur :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ cvtsudoers -f sudoers -m user=ambrose,host=hastur /etc/sudoers
 .Ed
 .Pp
 Same as above, but expand aliases and prune out any non-matching
 users and hosts from the expanded entries.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ cvtsudoers -ep -f sudoers -m user=ambrose,host=hastur /etc/sudoers
 .Ed
 .Pp
@@ -502,7 +502,7 @@ Convert
 from LDIF to traditional
 .Em sudoers
 format:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ cvtsudoers -i ldif -f sudoers -o sudoers.new sudoers.ldif
 .Ed
 .Pp
@@ -512,7 +512,7 @@ file with two host-specific policy files from the hosts
 .Dq xyzzy
 and
 .Dq plugh :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ cvtsudoers -f sudoers -o sudoers.merged sudoers \e
     xyzzy:sudoers.xyzzy plugh:sudoers.plugh
 .Ed

docs/sudo.conf.man.in

@@ -17,7 +17,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .nr SL @SEMAN@
-.TH "SUDO.CONF" "@mansectform@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO.CONF" "@mansectform@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -126,7 +126,7 @@ setting, which defaults to
 In other words:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_policy sudoers.so
 .RE
 .fi
@@ -134,7 +134,7 @@ Plugin sudoers_policy sudoers.so
 is equivalent to:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_policy @plugindir@/sudoers.so
 .RE
 .fi
@@ -148,7 +148,7 @@ as it does not actually exist in the file system.
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_policy sudoers.so
 .RE
 .fi
@@ -163,7 +163,7 @@ function.
 For example, to override the compile-time default sudoers file mode:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_policy sudoers.so sudoers_mode=0440
 .RE
 .fi
@@ -190,7 +190,7 @@ plugin will be used as the default security policy, for I/O logging
 This is equivalent to the following:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_policy sudoers.so
 Plugin sudoers_io sudoers.so
 Plugin sudoers_audit sudoers.so
@@ -228,7 +228,7 @@ keyword, followed by the name of the path to set and its value.
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Path intercept @intercept_file@
 Path noexec @noexec_file@
 Path askpass /usr/X11R6/bin/ssh-askpass
@@ -373,7 +373,7 @@ to false in
 as follows:
 .nf
 .sp
-.RS 16n
+.RS 14n
 Set disable_coredump false
 .RE
 .fi
@@ -416,7 +416,7 @@ option to true in
 as follows:
 .nf
 .sp
-.RS 16n
+.RS 14n
 Set developer_mode true
 .RE
 .fi
@@ -510,7 +510,7 @@ For example, to cause
 to only use the kernel's static list of groups for the user:
 .nf
 .sp
-.RS 16n
+.RS 14n
 Set group_source static
 .RE
 .fi
@@ -551,7 +551,7 @@ If IP-based matching is not required, network interface probing
 can be disabled as follows:
 .nf
 .sp
-.RS 16n
+.RS 14n
 Set probe_interfaces false
 .RE
 .fi
@@ -587,7 +587,7 @@ as it does not include a comma
 Examples:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Debug sudo /var/log/sudo_debug all@warn,plugin@info
 .RE
 .fi
@@ -599,7 +599,7 @@ level and higher in addition to those at the
 level for the plugin subsystem.
 .nf
 .sp
-.RS 6n
+.RS 4n
 Debug sudo_intercept.so /var/log/intercept_debug all@debug
 .RE
 .fi
@@ -659,7 +659,7 @@ For example, the following trace is for the
 function located in src/sudo.c:
 .nf
 .sp
-.RS 6n
+.RS 4n
 sudo[123] -> get_user_groups @ src/sudo.c:385
 sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5
 .RE

docs/sudo.conf.mdoc.in

@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .nr SL @SEMAN@
-.Dd January 20, 2022
+.Dd February 10, 2022
 .Dt SUDO.CONF @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -121,12 +121,12 @@ specified by the
 setting, which defaults to
 .Pa @plugindir@ .
 In other words:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_policy sudoers.so
 .Ed
 .Pp
 is equivalent to:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_policy @plugindir@/sudoers.so
 .Ed
 .Pp
@@ -137,7 +137,7 @@ binary instead of being installed as a dynamic shared object, the
 should be specified without a leading directory,
 as it does not actually exist in the file system.
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_policy sudoers.so
 .Ed
 .Pp
@@ -149,7 +149,7 @@ are passed as arguments to the plugin's
 .Em open
 function.
 For example, to override the compile-time default sudoers file mode:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_policy sudoers.so sudoers_mode=0440
 .Ed
 .Pp
@@ -173,7 +173,7 @@ lines, the
 plugin will be used as the default security policy, for I/O logging
 (if enabled by the policy), and for auditing.
 This is equivalent to the following:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_policy sudoers.so
 Plugin sudoers_io sudoers.so
 Plugin sudoers_audit sudoers.so
@@ -208,7 +208,7 @@ line consists of the
 .Li Path
 keyword, followed by the name of the path to set and its value.
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Path intercept @intercept_file@
 Path noexec @noexec_file@
 Path askpass /usr/X11R6/bin/ssh-askpass
@@ -344,7 +344,7 @@ crashes, you may wish to re-enable core dumps by setting
 to false in
 .Nm
 as follows:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Set disable_coredump false
 .Ed
 .Pp
@@ -384,7 +384,7 @@ To make development of a plugin easier, you can disable that by setting
 option to true in
 .Nm sudo.conf
 as follows:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Set developer_mode true
 .Ed
 .Pp
@@ -468,7 +468,7 @@ This is the default behavior on systems other than macOS in
 For example, to cause
 .Nm sudo
 to only use the kernel's static list of groups for the user:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Set group_source static
 .Ed
 .Pp
@@ -503,7 +503,7 @@ On Linux systems with a large number of virtual interfaces, this may
 take a non-negligible amount of time.
 If IP-based matching is not required, network interface probing
 can be disabled as follows:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Set probe_interfaces false
 .Ed
 .Pp
@@ -535,7 +535,7 @@ as it does not include a comma
 .Pq Ql \&, .
 .Pp
 Examples:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Debug sudo /var/log/sudo_debug all@warn,plugin@info
 .Ed
 .Pp
@@ -544,7 +544,7 @@ would log all debugging statements at the
 level and higher in addition to those at the
 .Em info
 level for the plugin subsystem.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Debug sudo_intercept.so /var/log/intercept_debug all@debug
 .Ed
 .Pp
@@ -601,7 +601,7 @@ entered and when it returns.
 For example, the following trace is for the
 .Fn get_user_groups
 function located in src/sudo.c:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 sudo[123] -> get_user_groups @ src/sudo.c:385
 sudo[123] <- get_user_groups @ src/sudo.c:429 := groups=10,0,5
 .Ed

docs/sudo.man.in

@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDO" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "@mansectsu@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -1103,7 +1103,7 @@ sudo.conf(@mansectform@)
 file as follows:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Set disable_coredump false
 .RE
 .fi
@@ -1248,7 +1248,7 @@ policy.
 To get a file listing of an unreadable directory:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudo ls /usr/local/protected
 .RE
 .fi
@@ -1257,7 +1257,7 @@ To list the home directory of user yaz on a machine where the file
 system holding ~yaz is not exported as root:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudo -u yaz ls ~yaz
 .RE
 .fi
@@ -1267,7 +1267,7 @@ To edit the
 file as user www:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudoedit -u www ~www/htdocs/index.html
 .RE
 .fi
@@ -1276,7 +1276,7 @@ To view system logs only accessible to root and users in the adm
 group:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudo -g adm more /var/log/syslog
 .RE
 .fi
@@ -1284,7 +1284,7 @@ $ sudo -g adm more /var/log/syslog
 To run an editor as jim with a different primary group:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudoedit -u jim -g audio ~jim/sound.txt
 .RE
 .fi
@@ -1292,7 +1292,7 @@ $ sudoedit -u jim -g audio ~jim/sound.txt
 To shut down a machine:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudo shutdown -r +15 "quick reboot"
 .RE
 .fi
@@ -1303,7 +1303,7 @@ Note that this runs the commands in a sub-shell to make the
 and file redirection work.
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
 .RE
 .fi
@@ -1488,7 +1488,7 @@ It is not meaningful to run the
 command directly via sudo, e.g.,
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudo cd /usr/local/protected
 .RE
 .fi

docs/sudo.mdoc.in

@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd January 19, 2022
+.Dd February 10, 2022
 .Dt SUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -1042,7 +1042,7 @@ crashes, you may wish to re-enable core dumps by setting
 to false in the
 .Xr sudo.conf @mansectform@
 file as follows:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Set disable_coredump false
 .Ed
 .Pp
@@ -1171,36 +1171,36 @@ Note: the following examples assume a properly configured security
 policy.
 .Pp
 To get a file listing of an unreadable directory:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudo ls /usr/local/protected
 .Ed
 .Pp
 To list the home directory of user yaz on a machine where the file
 system holding ~yaz is not exported as root:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudo -u yaz ls ~yaz
 .Ed
 .Pp
 To edit the
 .Pa index.html
 file as user www:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudoedit -u www ~www/htdocs/index.html
 .Ed
 .Pp
 To view system logs only accessible to root and users in the adm
 group:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudo -g adm more /var/log/syslog
 .Ed
 .Pp
 To run an editor as jim with a different primary group:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudoedit -u jim -g audio ~jim/sound.txt
 .Ed
 .Pp
 To shut down a machine:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudo shutdown -r +15 "quick reboot"
 .Ed
 .Pp
@@ -1208,7 +1208,7 @@ To make a usage listing of the directories in the /home partition.
 Note that this runs the commands in a sub-shell to make the
 .Li cd
 and file redirection work.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
 .Ed
 .Sh DIAGNOSTICS
@@ -1376,7 +1376,7 @@ functionality.
 It is not meaningful to run the
 .Li cd
 command directly via sudo, e.g.,
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudo cd /usr/local/protected
 .Ed
 .Pp

docs/sudo_logsrvd.man.in

@@ -2,7 +2,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_LOGSRVD" "@mansectsu@" "September 17, 2021" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO_LOGSRVD" "@mansectsu@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -171,7 +171,7 @@ We'll create a new directory hierarchy in
 for this purpose.
 .nf
 .sp
-.RS 6n
+.RS 4n
 # mkdir /etc/ssl/sudo
 # cd /etc/ssl/sudo
 # mkdir certs csr newcerts private
@@ -192,7 +192,7 @@ You will need to adjust the example below if it has a different location on
 your system.
 .nf
 .sp
-.RS 6n
+.RS 4n
 # cp /etc/ssl/openssl.cnf .
 .RE
 .fi
@@ -207,7 +207,7 @@ sections.
 Those sections should include the following settings:
 .nf
 .sp
-.RS 6n
+.RS 4n
 [ ca ]
 default_ca      = CA_default
 
@@ -233,7 +233,7 @@ a private key and a certificate for the root of the CA.
 First, create the private key and protect it with a pass phrase:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # openssl genrsa -aes256 -out private/cakey.pem 4096
 # chmod 400 private/cakey.pem
 .RE
@@ -243,7 +243,7 @@ Next, generate the root certificate, using appropriate values for
 the site-specific fields:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # openssl req -config openssl.cnf -key private/cakey.pem \e
     -new -x509 -days 7300 -sha256 -extensions v3_ca \e
     -out cacert.pem
@@ -272,7 +272,7 @@ Email Address []:
 Finally, verify the root certificate:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # openssl x509 -noout -text -in cacert.pem
 .RE
 .fi
@@ -290,7 +290,7 @@ CSRs with the root CA.
 First, generate the private key without a pass phrase.
 .nf
 .sp
-.RS 6n
+.RS 4n
 # openssl genrsa -out private/logsrvd_key.pem 2048
 # chmod 400 private/logsrvd_key.pem
 .RE
@@ -302,7 +302,7 @@ The common name should be either the server's IP address or a fully
 qualified domain name.
 .nf
 .sp
-.RS 6n
+.RS 4n
 # openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e
     -sha256 -out csr/logsrvd_csr.pem
 
@@ -333,7 +333,7 @@ An optional company name []:
 Now sign the CSR that was just created:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e
     -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem
 
@@ -374,7 +374,7 @@ Data Base Updated
 Finally, verify the new certificate:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem
 certs/logsrvd_cert.pem: OK
 .RE
@@ -399,7 +399,7 @@ for TLS requires the following settings, assuming the same path
 names used earlier:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # Listen on port 30344 for TLS connections to any address.
 listen_address = *:30344(tls)
 

docs/sudo_logsrvd.mdoc.in

@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd September 17, 2021
+.Dd February 10, 2022
 .Dt SUDO_LOGSRVD @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -159,7 +159,7 @@ files for the CA.
 We'll create a new directory hierarchy in
 .Pa /etc/ssl/sudo
 for this purpose.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # mkdir /etc/ssl/sudo
 # cd /etc/ssl/sudo
 # mkdir certs csr newcerts private
@@ -177,7 +177,7 @@ The path to openssl.cnf is system-dependent but
 is the most common location.
 You will need to adjust the example below if it has a different location on
 your system.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # cp /etc/ssl/openssl.cnf .
 .Ed
 .Pp
@@ -189,7 +189,7 @@ and
 .Dq CA_default
 sections.
 Those sections should include the following settings:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 [ ca ]
 default_ca      = CA_default
 
@@ -212,14 +212,14 @@ setting.
 In order to create and sign our own certificates, we need to create
 a private key and a certificate for the root of the CA.
 First, create the private key and protect it with a pass phrase:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # openssl genrsa -aes256 -out private/cakey.pem 4096
 # chmod 400 private/cakey.pem
 .Ed
 .Pp
 Next, generate the root certificate, using appropriate values for
 the site-specific fields:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # openssl req -config openssl.cnf -key private/cakey.pem \e
     -new -x509 -days 7300 -sha256 -extensions v3_ca \e
     -out cacert.pem
@@ -245,7 +245,7 @@ Email Address []:
 .Ed
 .Pp
 Finally, verify the root certificate:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # openssl x509 -noout -text -in cacert.pem
 .Ed
 .Ss Creating and signing certificates
@@ -260,7 +260,7 @@ In this example we'll skip this part for simplicity's sake and sign the
 CSRs with the root CA.
 .Pp
 First, generate the private key without a pass phrase.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # openssl genrsa -out private/logsrvd_key.pem 2048
 # chmod 400 private/logsrvd_key.pem
 .Ed
@@ -269,7 +269,7 @@ Next, create a certificate signing request (CSR) for the server's certificate.
 The organization name must match the name given in the root certificate.
 The common name should be either the server's IP address or a fully
 qualified domain name.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # openssl req -config openssl.cnf -key private/logsrvd_key.pem -new \e
     -sha256 -out csr/logsrvd_csr.pem
 
@@ -297,7 +297,7 @@ An optional company name []:
 .Ed
 .Pp
 Now sign the CSR that was just created:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e
     -in csr/logsrvd_csr.pem -out certs/logsrvd_cert.pem
 
@@ -335,7 +335,7 @@ Data Base Updated
 .Ed
 .Pp
 Finally, verify the new certificate:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # openssl verify -CAfile cacert.pem certs/logsrvd_cert.pem
 certs/logsrvd_cert.pem: OK
 .Ed
@@ -357,7 +357,7 @@ Configuring
 .Nm
 for TLS requires the following settings, assuming the same path
 names used earlier:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # Listen on port 30344 for TLS connections to any address.
 listen_address = *:30344(tls)
 

docs/sudo_plugin_python.man.in

@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_PLUGIN_PYTHON" "5" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_PLUGIN_PYTHON" "5" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -74,7 +74,7 @@ constructor yourself.
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 import sudo
 
 class MySudoPlugin(sudo.Plugin):
@@ -137,7 +137,7 @@ result code the plugin can also provide a message describing the problem.
 This can be done by raising one of the special exceptions:
 .nf
 .sp
-.RS 6n
+.RS 4n
 raise sudo.PluginError("Message")
 raise sudo.PluginReject("Message")
 .RE
@@ -161,7 +161,7 @@ Example usage in
 sudo.conf(@mansectform@):
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_policy python_plugin.so ModulePath=<path> ClassName=<class>
 Plugin python_io python_plugin.so ModulePath=<path> ClassName=<class>
 Plugin python_audit python_plugin.so ModulePath=<path> ClassName=<class>
@@ -174,7 +174,7 @@ Example group provider plugin usage in the
 file:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Defaults group_plugin="python_plugin.so ModulePath=<path> ClassName=<class>"
 .RE
 .fi
@@ -198,7 +198,7 @@ sudo.conf(@mansectform@).
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_policy python_plugin.so ModulePath=<path> ClassName=<class>
 .RE
 .fi
@@ -300,7 +300,7 @@ convenience function can be used to convert them to a dictionary.
 This function should return a result code or a tuple in the following format:
 .nf
 .sp
-.RS 12n
+.RS 10n
 return (rc, command_info_out, argv_out, user_env_out)
 .RE
 .fi
@@ -567,7 +567,7 @@ sudo.conf(@mansectform@).
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_io python_plugin.so ModulePath=<path> ClassName=<class>
 .RE
 .fi
@@ -843,7 +843,7 @@ To try it, register it by adding the following lines to
 \fI@sysconfdir@/sudo.conf\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_io python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e
     ClassName=SudoIOPlugin
@@ -855,7 +855,7 @@ sudo.conf(@mansectform@).
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_audit python_plugin.so ModulePath=<path> ClassName=<class>
 .RE
 .fi
@@ -1159,7 +1159,7 @@ To try it, register it by adding the following lines to
 \fI@sysconfdir@/sudo.conf\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_audit python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e
     ClassName=SudoAuditPlugin
@@ -1173,7 +1173,7 @@ sudo.conf(@mansectform@).
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_approval python_plugin.so ModulePath=<path> ClassName=<class>
 .RE
 .fi
@@ -1269,7 +1269,7 @@ It can reject execution of the command by returning sudo.RC.REJECT or
 raising the special exception:
 .nf
 .sp
-.RS 12n
+.RS 10n
 raise sudo.PluginReject("some message")
 .RE
 .fi
@@ -1300,7 +1300,7 @@ To try it, register it by adding the following lines to
 \fI@sysconfdir@/sudo.conf\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_approval python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e
     ClassName=BusinessHoursApprovalPlugin
@@ -1316,7 +1316,7 @@ file.
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Defaults group_plugin="python_plugin.so ModulePath=<path> ClassName=<class>"
 .RE
 .fi
@@ -1397,7 +1397,7 @@ To try it, register it in the
 file by adding the following lines:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Defaults group_plugin="python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e
     ClassName=SudoGroupPlugin"
@@ -1416,7 +1416,7 @@ user.
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 %:mygroup ALL=(ALL) NOPASSWD: ALL
 .RE
 .fi
@@ -1556,7 +1556,7 @@ To try it, register it by adding the following lines to
 \fI@sysconfdir@/sudo.conf\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_io python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e
     ClassName=ReasonLoggerIOPlugin
@@ -1617,7 +1617,7 @@ For example, to store debug output in
 use a line like the following:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Debug python_plugin.so /var/log/sudo_python_debug \e
     plugin@trace,c_calls@trace
 .RE
@@ -1632,7 +1632,7 @@ For example to just see the debug output of
 calls, use:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Debug python_plugin.so /var/log/sudo_python_debug plugin@trace
 .RE
 .fi
@@ -1735,7 +1735,7 @@ To try it, register it by adding the following lines to
 \fI@sysconfdir@/sudo.conf\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin python_io python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e
     ClassName=DebugDemoPlugin

docs/sudo_plugin_python.mdoc.in

@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd January 20, 2022
+.Dd February 10, 2022
 .Dt SUDO_PLUGIN_PYTHON @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -64,7 +64,7 @@ This is intended as a convenience to allow you to avoid writing the
 constructor yourself.
 .Pp
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 import sudo
 
 class MySudoPlugin(sudo.Plugin):
@@ -115,7 +115,7 @@ or
 .Dv sudo.RC.REJECT
 result code the plugin can also provide a message describing the problem.
 This can be done by raising one of the special exceptions:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 raise sudo.PluginError("Message")
 raise sudo.PluginReject("Message")
 .Ed
@@ -136,7 +136,7 @@ plugin it is loading as arguments.
 .Pp
 Example usage in
 .Xr sudo.conf @mansectform@ :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_policy python_plugin.so ModulePath=<path> ClassName=<class>
 Plugin python_io python_plugin.so ModulePath=<path> ClassName=<class>
 Plugin python_audit python_plugin.so ModulePath=<path> ClassName=<class>
@@ -146,7 +146,7 @@ Plugin python_approval python_plugin.so ModulePath=<path> ClassName=<class>
 Example group provider plugin usage in the
 .Em sudoers
 file:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Defaults group_plugin="python_plugin.so ModulePath=<path> ClassName=<class>"
 .Ed
 .Pp
@@ -167,7 +167,7 @@ will result in an error.
 Policy plugins must be registered in
 .Xr sudo.conf @mansectform@ .
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_policy python_plugin.so ModulePath=<path> ClassName=<class>
 .Ed
 .Pp
@@ -255,7 +255,7 @@ convenience function can be used to convert them to a dictionary.
 .El
 .Pp
 This function should return a result code or a tuple in the following format:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 return (rc, command_info_out, argv_out, user_env_out)
 .Ed
 .Pp
@@ -460,7 +460,7 @@ in addition to another policy plugin, such as
 I/O plugins must be registered in
 .Xr sudo.conf @mansectform@ .
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_io python_plugin.so ModulePath=<path> ClassName=<class>
 .Ed
 .Pp
@@ -681,7 +681,7 @@ system call, otherwise 0.
 Sudo ships a Python I/O plugin example.
 To try it, register it by adding the following lines to
 .Pa @sysconfdir@/sudo.conf :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_io python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_io_plugin.py \e
     ClassName=SudoIOPlugin
@@ -690,7 +690,7 @@ Plugin python_io python_plugin.so \e
 Audit plugins must be registered in
 .Xr sudo.conf @mansectform@ .
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_audit python_plugin.so ModulePath=<path> ClassName=<class>
 .Ed
 .Pp
@@ -928,7 +928,7 @@ manual for possible values.
 Sudo ships a Python Audit plugin example.
 To try it, register it by adding the following lines to
 .Pa @sysconfdir@/sudo.conf :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_audit python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_audit_plugin.py \e
     ClassName=SudoAuditPlugin
@@ -939,7 +939,7 @@ It will log the plugin accept / reject / error results to the output.
 Approval plugins must be registered in
 .Xr sudo.conf @mansectform@ .
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_approval python_plugin.so ModulePath=<path> ClassName=<class>
 .Ed
 .Pp
@@ -1010,7 +1010,7 @@ check(self, command_info: Tuple[str, ...], run_argv: Tuple[str, ...],
 This function is called after policy plugin's check_policy has succeeded.
 It can reject execution of the command by returning sudo.RC.REJECT or
 raising the special exception:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 raise sudo.PluginReject("some message")
 .Ed
 .Pp
@@ -1034,7 +1034,7 @@ The environment the command will be run with.
 Sudo ships a Python Approval plugin example.
 To try it, register it by adding the following lines to
 .Pa @sysconfdir@/sudo.conf :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_approval python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_approval_plugin.py \e
     ClassName=BusinessHoursApprovalPlugin
@@ -1047,7 +1047,7 @@ A group provider plugin is registered in the
 .Xr sudoers @mansectform@
 file.
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Defaults group_plugin="python_plugin.so ModulePath=<path> ClassName=<class>"
 .Ed
 .Pp
@@ -1111,7 +1111,7 @@ Sudo ships a Python group plugin example.
 To try it, register it in the
 .Em sudoers
 file by adding the following lines:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Defaults group_plugin="python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_group_plugin.py \e
     ClassName=SudoGroupPlugin"
@@ -1127,7 +1127,7 @@ If you add a rule that uses this group, it will affect the
 .Em test
 user.
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 %:mygroup ALL=(ALL) NOPASSWD: ALL
 .Ed
 .Pp
@@ -1247,7 +1247,7 @@ or the user interrupted the conversation by pressing control-C.
 Sudo ships with an example plugin demonstrating the Python conversation API.
 To try it, register it by adding the following lines to
 .Pa @sysconfdir@/sudo.conf :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_io python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_conversation.py \e
     ClassName=ReasonLoggerIOPlugin
@@ -1302,7 +1302,7 @@ with the program set to
 For example, to store debug output in
 .Pa /var/log/sudo_python_debug ,
 use a line like the following:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Debug python_plugin.so /var/log/sudo_python_debug \e
     plugin@trace,c_calls@trace
 .Ed
@@ -1314,7 +1314,7 @@ strings, separated by commas
 For example to just see the debug output of
 .Fn sudo.debug
 calls, use:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Debug python_plugin.so /var/log/sudo_python_debug plugin@trace
 .Ed
 .Pp
@@ -1396,7 +1396,7 @@ for the sudo debug system.
 Sudo ships an example debug plugin by default.
 To try it, register it by adding the following lines to
 .Pa @sysconfdir@/sudo.conf :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin python_io python_plugin.so \e
     ModulePath=@prefix@/share/doc/sudo/examples/example_debugging.py \e
     ClassName=DebugDemoPlugin

docs/sudoers.man.in

@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "February 8, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -71,7 +71,7 @@ to use the
 plugin, the following configuration can be used.
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_audit sudoers.so
 Plugin sudoers_policy sudoers.so
 Plugin sudoers_io sudoers.so
@@ -104,7 +104,7 @@ Multiple arguments may be specified, separated by white space.
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false
 .RE
 .fi
@@ -6772,7 +6772,7 @@ For example, to allow user operator to edit the
 file on any machine:
 .nf
 .sp
-.RS 6n
+.RS 4n
 operator ALL = sudoedit /etc/motd
 .RE
 .fi
@@ -6782,7 +6782,7 @@ The operator user then runs
 as follows:
 .nf
 .sp
-.RS 6n
+.RS 4n
 $ sudoedit /etc/motd
 .RE
 .fi

docs/sudoers.mdoc.in

@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd February 8, 2022
+.Dd February 10, 2022
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -68,7 +68,7 @@ To explicitly configure
 to use the
 .Nm
 plugin, the following configuration can be used.
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_audit sudoers.so
 Plugin sudoers_policy sudoers.so
 Plugin sudoers_io sudoers.so
@@ -98,7 +98,7 @@ For older versions, it is the
 plugin.
 Multiple arguments may be specified, separated by white space.
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_audit sudoers.so sudoers_mode=0400 error_recovery=false
 .Ed
 .Pp
@@ -6260,14 +6260,14 @@ option in
 For example, to allow user operator to edit the
 .Dq message of the day
 file on any machine:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 operator ALL = sudoedit /etc/motd
 .Ed
 .Pp
 The operator user then runs
 .Nm sudoedit
 as follows:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 $ sudoedit /etc/motd
 .Ed
 .Pp

docs/sudoreplay.man.in

@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDOREPLAY" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDOREPLAY" "@mansectsu@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -453,7 +453,7 @@ List sessions run by user
 \fImillert\fR:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # sudoreplay -l user millert
 .RE
 .fi
@@ -463,7 +463,7 @@ List sessions run by user
 with a command containing the string vi:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # sudoreplay -l user bob command vi
 .RE
 .fi
@@ -473,7 +473,7 @@ List sessions run by user
 that match a regular expression:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # sudoreplay -l user jeff command '/bin/[a-z]*sh'
 .RE
 .fi
@@ -481,7 +481,7 @@ that match a regular expression:
 List sessions run by jeff or bob on the console:
 .nf
 .sp
-.RS 6n
+.RS 4n
 # sudoreplay -l ( user jeff or user bob ) tty console
 .RE
 .fi

docs/sudoreplay.mdoc.in

@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd January 19, 2022
+.Dd February 10, 2022
 .Dt SUDOREPLAY @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -406,26 +406,26 @@ was used as part of a pipeline for a particular command.
 .Sh EXAMPLES
 List sessions run by user
 .Em millert :
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # sudoreplay -l user millert
 .Ed
 .Pp
 List sessions run by user
 .Em bob
 with a command containing the string vi:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # sudoreplay -l user bob command vi
 .Ed
 .Pp
 List sessions run by user
 .Em jeff
 that match a regular expression:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # sudoreplay -l user jeff command '/bin/[a-z]*sh'
 .Ed
 .Pp
 List sessions run by jeff or bob on the console:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 # sudoreplay -l ( user jeff or user bob ) tty console
 .Ed
 .Sh SEE ALSO

docs/visudo.man.in

@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "VISUDO" "@mansectsu@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "@mansectsu@" "February 10, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -312,7 +312,7 @@ Multiple arguments may be specified, separated by white space.
 For example:
 .nf
 .sp
-.RS 6n
+.RS 4n
 Plugin sudoers_policy sudoers.so sudoers_mode=0400
 .RE
 .fi

docs/visudo.mdoc.in

@@ -20,7 +20,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd January 20, 2022
+.Dd February 10, 2022
 .Dt VISUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -302,7 +302,7 @@ These arguments, if present, should be listed after the path to the plugin
 .Pa sudoers.so ) .
 Multiple arguments may be specified, separated by white space.
 For example:
-.Bd -literal -offset indent
+.Bd -literal -offset 4n
 Plugin sudoers_policy sudoers.so sudoers_mode=0400
 .Ed
 .Pp