Regen .man.in files with hacked mandoc to avoid issues with historic

nroff.
2012-07-20 14:28:41 -04:00
parent 05e7cac89b
commit a06f7540f7
6 changed files with 304 additions and 251 deletions
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -22,6 +22,8 @@
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
 .TH "SUDO" "@mansectsu@" "July 10, 2012" "1.8.6" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
 \fBsudo\fR,
 \fBsudoedit\fR
@@ -29,53 +31,54 @@
 .SH "SYNOPSIS"
 .HP 5n
 \fBsudo\fR
-\fB-h\fR | \fB-K\fR | \fB-k\fR | \fB-V\fR
+\fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR
-.sp -1v
+.PD 0
 .HP 5n
 \fBsudo\fR
-\fB-v\fR
+\fB\-v\fR
-[\fB-AknS\fR]
+[\fB\-AknS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
+[\fB\-p\fR\ \fIprompt\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
-.sp -1v
+.br
 .HP 5n
 \fBsudo\fR
-\fB-l\fR[\fIl\fR]
+\fB\-l\fR[\fIl\fR]
-[\fB-AknS\fR]
+[\fB\-AknS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
+[\fB\-p\fR\ \fIprompt\fR]
-[\fB-U\fR\~\fIuser\~name\fR]
+[\fB\-U\fR\ \fIuser\ name\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
 [\fIcommand\fR]
-.sp -1v
+.br
 .HP 5n
 \fBsudo\fR
-[\fB-AbEHnPS\fR]
+[\fB\-AbEHnPS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
-[\fB-C\fR\~\fIfd\fR]
+[\fB\-C\fR\ \fIfd\fR]
-[\fB-c\fR\~\fIclass\fR\~|\~\fI-\fR]
+[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
+[\fB\-p\fR\ \fIprompt\fR]
-[\fB-r\fR\~\fIrole\fR]
+[\fB\-r\fR\ \fIrole\fR]
-[\fB-t\fR\~\fItype\fR]
+[\fB\-t\fR\ \fItype\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
 [\fBVAR\fR=\fIvalue\fR]
-\fB-i\fR\~|\~\fB-s\fR
+\fB\-i\fR\ |\ \fB\-s\fR
 [\fIcommand\fR]
-.sp -1v
+.br
 .HP 9n
 \fBsudoedit\fR
-[\fB-AnS\fR]
+[\fB\-AnS\fR]
-[\fB-a\fR\~\fIauth_type\fR]
+[\fB\-a\fR\ \fIauth_type\fR]
-[\fB-C\fR\~\fIfd\fR]
+[\fB\-C\fR\ \fIfd\fR]
-[\fB-c\fR\~\fIclass\fR\~|\~\fI-\fR]
+[\fB\-c\fR\ \fIclass\fR\ |\ \fI-\fR]
-[\fB-g\fR\~\fIgroup\~name\fR\~|\~\fI#gid\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR\ |\ \fI#gid\fR]
-[\fB-p\fR\~\fIprompt\fR]
+[\fB\-p\fR\ \fIprompt\fR]
-[\fB-u\fR\~\fIuser\~name\fR\~|\~\fI#uid\fR]
+[\fB\-u\fR\ \fIuser\ name\fR\ |\ \fI#uid\fR]
 file ...
 .PD
 .SH "DESCRIPTION"
 \fBsudo\fR
 allows a permitted user to execute a
@@ -85,7 +88,7 @@ policy.
 The real and effective uid and gid are set to match those of the
 target user, as specified in the password database, and the group
 vector is initialized based on the group database (unless the
-\fB-P\fR
+\fB\-P\fR
 option was specified).
 .PP
 \fBsudo\fR
@@ -133,14 +136,14 @@ sudoers(@mansectform@).
 By running
 \fBsudo\fR
 with the
-\fB-v\fR
+\fB\-v\fR
 option, a user can update the cached credentials without running a
 \fIcommand\fR.
 .PP
 When invoked as
 \fBsudoedit\fR,
 the
-\fB-e\fR
+\fB\-e\fR
 option (described below), is implied.
 .PP
 Security policies may log successful and failed attempts to use
@@ -151,12 +154,12 @@ output may be logged as well.
 \fBsudo\fR
 accepts the following command line options:
 .TP 12n
-\fB-A\fR
+\fB\-A\fR
 Normally, if
 \fBsudo\fR
 requires a password, it will read it from the user's terminal.
 If the
-\fB-A\fR (\fIaskpass\fR)
+\fB\-A\fR (\fIaskpass\fR)
 option is specified, a (possibly graphical) helper program is
 executed to read the user's password and output the password to the
 standard output.
@@ -183,11 +186,11 @@ If no askpass program is available,
 will exit with an error.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 12n
-\fB-a\fR \fItype\fR
+\fB\-a\fR \fItype\fR
 The
-\fB-a\fR (\fIauthentication type\fR)
+\fB\-a\fR (\fIauthentication type\fR)
 option causes
 \fBsudo\fR
 to use the specified authentication type when validating the user,
@@ -199,43 +202,44 @@ authentication methods by adding an
 entry in
 \fI/etc/login.conf\fR.
 This option is only available on systems that support BSD authentication.
 .PD
 .TP 12n
-\fB-b\fR
+\fB\-b\fR
 The
-\fB-b\fR (\fIbackground\fR)
+\fB\-b\fR (\fIbackground\fR)
 option tells
 \fBsudo\fR
 to run the given command in the background.
 Note that if you use the
-\fB-b\fR
+\fB\-b\fR
 option you cannot use shell job control to manipulate the process.
 Most interactive commands will fail to work properly in background
 mode.
 .TP 12n
-\fB-C\fR \fIfd\fR
+\fB\-C\fR \fIfd\fR
 Normally,
 \fBsudo\fR
 will close all open file descriptors other than standard input,
 standard output and standard error.
 The
-\fB-C\fR (\fIclose from\fR)
+\fB\-C\fR (\fIclose from\fR)
 option allows the user to specify a starting point above the standard
 error (file descriptor three).
 Values less than three are not permitted.
 The security policy may restrict the user's ability to use the
-\fB-C\fR
+\fB\-C\fR
 option.
 The
 \fIsudoers\fR
 policy only permits use of the
-\fB-C\fR
+\fB\-C\fR
 option when the administrator has enabled the
 \fIclosefrom_override\fR
 option.
 .TP 12n
-\fB-c\fR \fIclass\fR
+\fB\-c\fR \fIclass\fR
 The
-\fB-c\fR (\fIclass\fR)
+\fB\-c\fR (\fIclass\fR)
 option causes
 \fBsudo\fR
 to run the specified command with resources limited by the specified
@@ -261,19 +265,19 @@ as root, or the
 command must be run from a shell that is already root.
 This option is only available on systems with BSD login classes.
 .TP 12n
-\fB-E\fR
+\fB\-E\fR
 The
-\fB-E\fR (\fIpreserve environment\fR)
+\fB\-E\fR (\fIpreserve environment\fR)
 option indicates to the security policy that the user wishes to
 preserve their existing environment variables.
 The security policy may return an error if the
-\fB-E\fR
+\fB\-E\fR
 option is specified and the user does not have permission to preserve
 the environment.
 .TP 12n
-\fB-e\fR
+\fB\-e\fR
 The
-\fB-e\fR (\fIedit\fR)
+\fB\-e\fR (\fIedit\fR)
 option indicates that, instead of running a command, the user wishes
 to edit one or more files.
 In lieu of a command, the string "sudoedit" is used when consulting
@@ -324,16 +328,16 @@ receive a warning and the edited copy will remain in a temporary
 file.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 12n
-\fB-g\fR \fIgroup\fR
+\fB\-g\fR \fIgroup\fR
 Normally,
 \fBsudo\fR
 runs a command with the primary group set to the one specified by
 the password database for the user the command is being run as (by
 default, root).
 The
-\fB-g\fR (\fIgroup\fR)
+\fB\-g\fR (\fIgroup\fR)
 option causes
 \fBsudo\fR
 to run the command with the primary group set to
@@ -352,31 +356,32 @@ many shells require that the
 be escaped with a backslash
 (`\e').
 If no
-\fB-u\fR
+\fB\-u\fR
 option is specified, the command will be run as the invoking user
 (not root).
 In either case, the primary group will be set to
 \fIgroup\fR.
 .PD
 .TP 12n
-\fB-H\fR
+\fB\-H\fR
 The
-\fB-H\fR (\fIHOME\fR)
+\fB\-H\fR (\fIHOME\fR)
 option requests that the security policy set the
 \fRHOME\fR
 environment variable to the home directory of the target user (root
 by default) as specified by the password database.
 Depending on the policy, this may be the default behavior.
 .TP 12n
-\fB-h\fR
+\fB\-h\fR
 The
-\fB-h\fR (\fIhelp\fR)
+\fB\-h\fR (\fIhelp\fR)
 option causes
 \fBsudo\fR
 to print a short help message to the standard output and exit.
 .TP 12n
-\fB-i\fR [\fIcommand\fR]
+\fB\-i\fR [\fIcommand\fR]
 The
-\fB-i\fR (\fIsimulate initial login\fR)
+\fB\-i\fR (\fIsimulate initial login\fR)
 option runs the shell specified by the password database entry of
 the target user as a login shell.
 This means that login-specific resource files such as
@@ -386,7 +391,7 @@ or
 will be read by the shell.
 If a command is specified, it is passed to the shell for execution
 via the shell's
-\fB-c\fR
+\fB\-c\fR
 option.
 If no command is specified, an interactive shell is executed.
 \fBsudo\fR
@@ -399,24 +404,24 @@ The
 section in the
 sudoers(@mansectform@)
 manual documents how the
-\fB-i\fR
+\fB\-i\fR
 option affects the environment in which a command is run when the
 \fIsudoers\fR
 policy is in use.
 .TP 12n
-\fB-K\fR
+\fB\-K\fR
 The
-\fB-K\fR (sure \fIkill\fR)
+\fB\-K\fR (sure \fIkill\fR)
 option is like
-\fB-k\fR
+\fB\-k\fR
 except that it removes the user's cached credentials entirely and
 may not be used in conjunction with a command or other option.
 This option does not require a password.
 Not all security policies support credential caching.
 .TP 12n
-\fB-k\fR [\fIcommand\fR]
+\fB\-k\fR [\fIcommand\fR]
 When used alone, the
-\fB-k\fR (\fIkill\fR)
+\fB\-k\fR (\fIkill\fR)
 option to
 \fBsudo\fR
 invalidates the user's cached credentials.
@@ -433,7 +438,7 @@ Not all security policies support credential caching.
 .sp
 When used in conjunction with a command or an option that may require
 a password, the
-\fB-k\fR
+\fB\-k\fR
 option will cause
 \fBsudo\fR
 to ignore the user's cached credentials.
@@ -442,14 +447,14 @@ As a result,
 will prompt for a password (if one is required by the security
 policy) and will not update the user's cached credentials.
 .TP 12n
-\fB-l\fR[\fBl\fR] [\fIcommand\fR]
+\fB\-l\fR[\fBl\fR] [\fIcommand\fR]
 If no
 \fIcommand\fR
 is specified, the
-\fB-l\fR (\fIlist\fR)
+\fB\-l\fR (\fIlist\fR)
 option will list the allowed (and forbidden) commands for the
 invoking user (or the user specified by the
-\fB-U\fR
+\fB\-U\fR
 option) on the current host.
 If a
 \fIcommand\fR
@@ -462,18 +467,18 @@ is specified but not allowed,
 \fBsudo\fR
 will exit with a status value of 1.
 If the
-\fB-l\fR
+\fB\-l\fR
 option is specified with an
 \fIl\fR
 argument
-(i.e.\& \fB-ll\fR),
+(i.e.\& \fB\-ll\fR),
 or if
-\fB-l\fR
+\fB\-l\fR
 is specified multiple times, a longer list format is used.
 .TP 12n
-\fB-n\fR
+\fB\-n\fR
 The
-\fB-n\fR (\fInon-interactive\fR)
+\fB\-n\fR (\fInon-interactive\fR)
 option prevents
 \fBsudo\fR
 from prompting the user for a password.
@@ -481,9 +486,9 @@ If a password is required for the command to run,
 \fBsudo\fR
 will display an error message and exit.
 .TP 12n
-\fB-P\fR
+\fB\-P\fR
 The
-\fB-P\fR (\fIpreserve group vector\fR)
+\fB\-P\fR (\fIpreserve group vector\fR)
 option causes
 \fBsudo\fR
 to preserve the invoking user's group vector unaltered.
@@ -494,9 +499,9 @@ target user is in.
 The real and effective group IDs, however, are still set to match
 the target user.
 .TP 12n
-\fB-p\fR \fIprompt\fR
+\fB\-p\fR \fIprompt\fR
 The
-\fB-p\fR (\fIprompt\fR)
+\fB\-p\fR (\fIprompt\fR)
 option allows you to override the default password prompt and use
 a custom one.
 The following percent
@@ -526,10 +531,10 @@ and
 flags in
 sudoers(@mansectform@))
 .TP 4n
-\fR%U\fR
+\fR\&%U\fR
 expanded to the login name of the user the command will be run as
 (defaults to root unless the
-\fB-u\fR
+\fB\-u\fR
 option is also specified)
 .TP 4n
 \fR%u\fR
@@ -545,7 +550,7 @@ character
 .RS
 .PP
 The prompt specified by the
-\fB-p\fR
+\fB\-p\fR
 option will override the system password prompt on systems that
 support PAM unless the
 \fIpassprompt_override\fR
@@ -553,51 +558,52 @@ flag is disabled in
 \fIsudoers\fR.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 12n
-\fB-r\fR \fIrole\fR
+\fB\-r\fR \fIrole\fR
 The
-\fB-r\fR (\fIrole\fR)
+\fB\-r\fR (\fIrole\fR)
 option causes the new (SELinux) security context to have the role
 specified by
 \fIrole\fR.
 .PD
 .TP 12n
-\fB-S\fR
+\fB\-S\fR
 The
-\fB-S\fR (\fIstdin\fR)
+\fB\-S\fR (\fIstdin\fR)
 option causes
 \fBsudo\fR
 to read the password from the standard input instead of the terminal
 device.
 The password must be followed by a newline character.
 .TP 12n
-\fB-s\fR [\fIcommand\fR]
+\fB\-s\fR [\fIcommand\fR]
 The
-\fB-s\fR (\fIshell\fR)
+\fB\-s\fR (\fIshell\fR)
 option runs the shell specified by the
 \fRSHELL\fR
 environment variable if it is set or the shell as specified in the
 password database.
 If a command is specified, it is passed to the shell for execution
 via the shell's
-\fB-c\fR
+\fB\-c\fR
 option.
 If no command is specified, an interactive shell is executed.
 .TP 12n
-\fB-t\fR \fItype\fR
+\fB\-t\fR \fItype\fR
 The
-\fB-t\fR (\fItype\fR)
+\fB\-t\fR (\fItype\fR)
 option causes the new (SELinux) security context to have the type
 specified by
 \fItype\fR.
 If no type is specified, the default type is derived from the
 specified role.
 .TP 12n
-\fB-U\fR \fIuser\fR
+\fB\-U\fR \fIuser\fR
 The
-\fB-U\fR (\fIother user\fR)
+\fB\-U\fR (\fIother user\fR)
 option is used in conjunction with the
-\fB-l\fR
+\fB\-l\fR
 option to specify the user whose privileges should be listed.
 The security policy may restrict listing other users' privileges.
 The
@@ -606,9 +612,9 @@ policy only allows root or a user with the
 \fRALL\fR
 privilege on the current host to use this option.
 .TP 12n
-\fB-u\fR \fIuser\fR
+\fB\-u\fR \fIuser\fR
 The
-\fB-u\fR (\fIuser\fR)
+\fB\-u\fR (\fIuser\fR)
 option causes
 \fBsudo\fR
 to run the specified command as a user other than
@@ -636,23 +642,23 @@ that are not in the password database as long as the
 option is not set.
 Other security policies may not support this.
 .TP 12n
-\fB-V\fR
+\fB\-V\fR
 The
-\fB-V\fR (\fIversion\fR)
+\fB\-V\fR (\fIversion\fR)
 option causes
 \fBsudo\fR
 to print its version string and the version string of the security
 policy plugin and any I/O plugins.
 If the invoking user is already root the
-\fB-V\fR
+\fB\-V\fR
 option will display the arguments passed to configure when
 \fBsudo\fR
 was built and plugins may display more verbose information such as
 default options.
 .TP 12n
-\fB-v\fR
+\fB\-v\fR
 When given the
-\fB-v\fR (\fIvalidate\fR)
+\fB\-v\fR (\fIvalidate\fR)
 option,
 \fBsudo\fR
 will update the user's cached credentials, authenticating the user's
@@ -667,9 +673,9 @@ minutes (or whatever the timeout is set to by the security policy)
 but does not run a command.
 Not all security policies support cached credentials.
 .TP 12n
-\fB--\fR
+\fB\--\fR
 The
-\fB--\fR
+\fB\--\fR
 option indicates that
 \fBsudo\fR
 should stop processing command line arguments.
@@ -1037,7 +1043,7 @@ environment.
 .TP 17n
 \fREDITOR\fR
 Default editor to use in
-\fB-e\fR
+\fB\-e\fR
 (sudoedit) mode if neither
 \fRSUDO_EDITOR\fR
 nor
@@ -1046,7 +1052,7 @@ is set.
 .TP 17n
 \fRMAIL\fR
 In
-\fB-i\fR
+\fB\-i\fR
 mode or when
 \fIenv_reset\fR
 is enabled in
@@ -1055,9 +1061,9 @@ set to the mail spool of the target user.
 .TP 17n
 \fRHOME\fR
 Set to the home directory of the target user if
-\fB-i\fR
+\fB\-i\fR
 or
-\fB-H\fR
+\fB\-H\fR
 are specified,
 \fIenv_reset\fR
 or
@@ -1065,7 +1071,7 @@ or
 are set in
 \fIsudoers\fR,
 or when the
-\fB-s\fR
+\fB\-s\fR
 option is specified and
 \fIset_home\fR
 is set in
@@ -1076,13 +1082,13 @@ May be overridden by the security policy.
 .TP 17n
 \fRSHELL\fR
 Used to determine shell to run with
-\fB-s\fR
+\fB\-s\fR
 option.
 .TP 17n
 \fRSUDO_ASKPASS\fR
 Specifies the path to a helper program used to read the password
 if no terminal is available or if the
-\fB-A\fR
+\fB\-A\fR
 option is specified.
 .TP 17n
 \fRSUDO_COMMAND\fR
@@ -1090,7 +1096,7 @@ Set to the command run by sudo.
 .TP 17n
 \fRSUDO_EDITOR\fR
 Default editor to use in
-\fB-e\fR
+\fB\-e\fR
 (sudoedit) mode.
 .TP 17n
 \fRSUDO_GID\fR
@@ -1112,12 +1118,12 @@ Set to the login name of the user who invoked sudo.
 .TP 17n
 \fRUSER\fR
 Set to the target user (root unless the
-\fB-u\fR
+\fB\-u\fR
 option is specified).
 .TP 17n
 \fRVISUAL\fR
 Default editor to use in
-\fB-e\fR
+\fB\-e\fR
 (sudoedit) mode if
 \fRSUDO_EDITOR\fR
 is not set.
--- a/doc/sudo_plugin.man.in
+++ b/doc/sudo_plugin.man.in
@@ -17,6 +17,8 @@
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .TH "SUDO_PLUGIN" "5" "July 16, 2012" "1.8.6" "OpenBSD Programmer's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
 \fBsudo_plugin\fR
 \- Sudo Plugin API
@@ -204,7 +206,7 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 version
 The version passed in by
@@ -212,6 +214,7 @@ The version passed in by
 allows the plugin to determine the
 major and minor version number of the plugin API supported by
 \fBsudo\fR.
 .PD
 .TP 6n
 conversation
 A pointer to the
@@ -330,24 +333,24 @@ This setting has been deprecated in favor of
 .TP 6n
 runas_user=string
 The user name or uid to to run the command as, if specified via the
-\fB-u\fR
+\fB\-u\fR
 flag.
 .TP 6n
 runas_group=string
 The group name or gid to to run the command as, if specified via
 the
-\fB-g\fR
+\fB\-g\fR
 flag.
 .TP 6n
 prompt=string
 The prompt to use when requesting a password, if specified via
 the
-\fB-p\fR
+\fB\-p\fR
 flag.
 .TP 6n
 set_home=bool
 Set to true if the user specified the
-\fB-H\fR
+\fB\-H\fR
 flag.
 If true, set the
 \fRHOME\fR
@@ -355,19 +358,19 @@ environment variable to the target user's home directory.
 .TP 6n
 preserve_environment=bool
 Set to true if the user specified the
-\fB-E\fR
+\fB\-E\fR
 flag, indicating that
 the user wishes to preserve the environment.
 .TP 6n
 run_shell=bool
 Set to true if the user specified the
-\fB-s\fR
+\fB\-s\fR
 flag, indicating that
 the user wishes to run a shell.
 .TP 6n
 login_shell=bool
 Set to true if the user specified the
-\fB-i\fR
+\fB\-i\fR
 flag, indicating that
 the user wishes to run a login shell.
 .TP 6n
@@ -392,21 +395,21 @@ exit.
 .TP 6n
 preserve_groups=bool
 Set to true if the user specified the
-\fB-P\fR
+\fB\-P\fR
 flag, indicating that
 the user wishes to preserve the group vector instead of setting it
 based on the runas user.
 .TP 6n
 ignore_ticket=bool
 Set to true if the user specified the
-\fB-k\fR
+\fB\-k\fR
 flag along with a
 command, indicating that the user wishes to ignore any cached
 authentication credentials.
 .TP 6n
 noninteractive=bool
 Set to true if the user specified the
-\fB-n\fR
+\fB\-n\fR
 flag, indicating that
 \fBsudo\fR
 should operate in non-interactive mode.
@@ -416,24 +419,24 @@ interaction is required.
 login_class=string
 BSD login class to use when setting resource limits and nice value,
 if specified by the
-\fB-c\fR
+\fB\-c\fR
 flag.
 .TP 6n
 selinux_role=string
 SELinux role to use when executing the command, if specified by
 the
-\fB-r\fR
+\fB\-r\fR
 flag.
 .TP 6n
 selinux_type=string
 SELinux type to use when executing the command, if specified by
 the
-\fB-t\fR
+\fB\-t\fR
 flag.
 .TP 6n
 bsdauth_type=string
 Authentication type, if specified by the
-\fB-a\fR
+\fB\-a\fR
 flag, to use on
 systems where BSD authentication is supported.
 .TP 6n
@@ -457,7 +460,7 @@ or
 .TP 6n
 sudoedit=bool
 Set to true when the
-\fB-e\fR
+\fB\-e\fR
 flag is is specified or if invoked as
 \fBsudoedit\fR.
 The plugin shall substitute an editor into
@@ -473,7 +476,7 @@ section.
 .TP 6n
 closefrom=number
 If specified, the user has requested via the
-\fB-C\fR
+\fB\-C\fR
 flag that
 \fBsudo\fR
 close all files descriptors with a value of
@@ -489,7 +492,7 @@ Additional settings may be added in the future so the plugin should
 silently ignore settings that it does not recognize.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 user_info
 A vector of information about the user running the command in the form of
@@ -512,6 +515,7 @@ itself but the
 \fIvalue\fR
 might.
 .RS
 .PD
 .TP 6n
 pid=int
 The process ID of the running
@@ -663,7 +667,7 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 exit_status
 The command's exit status, as returned by the
@@ -674,6 +678,7 @@ The value of
 is undefined if
 \fRerror\fR
 is non-zero.
 .PD
 .TP 6n
 error
 .br
@@ -706,7 +711,7 @@ function is called by
 \fBsudo\fR
 when the user specifies
 the
-\fB-V\fR
+\fB\-V\fR
 option.
 The plugin may display its version information to the user via the
 \fBconversation\fR()
@@ -717,7 +722,7 @@ function using
 If the user requests detailed version information, the verbose flag will be set.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 check_policy
 .nf
@@ -804,9 +809,10 @@ to present additional error information to the user.
 .sp
 The function arguments are as follows:
 .RS
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 argc
 The number of elements in
@@ -814,6 +820,7 @@ The number of elements in
 not counting the final
 \fRNULL\fR
 pointer.
 .PD
 .TP 6n
 argv
 The argument vector describing the command the user wishes to run,
@@ -1022,7 +1029,7 @@ the invoking user's existing entry.
 Unsupported values will be ignored.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 argv_out
 The
@@ -1031,6 +1038,7 @@ argument vector to pass to the
 execve(2)
 system call when executing the command.
 The plugin is responsible for allocating and populating the vector.
 .PD
 .TP 6n
 user_env_out
 The
@@ -1068,10 +1076,11 @@ function using
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 verbose
 Flag indicating whether to list in verbose mode or not.
 .PD
 .TP 6n
 list_user
 The name of a different user to list privileges for if the policy
@@ -1112,7 +1121,7 @@ The
 function is called when
 \fBsudo\fR
 is run with the
-\fB-v\fR
+\fB\-v\fR
 flag.
 For policy plugins such as
 \fIsudoers\fR
@@ -1137,7 +1146,7 @@ to present additional
 error information to the user.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 invalidate
 .nf
@@ -1153,9 +1162,9 @@ function is called when
 \fBsudo\fR
 is called with
 the
-\fB-k\fR
+\fB\-k\fR
 or
-\fB-K\fR
+\fB\-K\fR
 flag.
 For policy plugins such as
 \fIsudoers\fR
@@ -1172,9 +1181,10 @@ The
 function should be
 \fRNULL\fR
 if the plugin does not support credential caching.
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 init_session
 .nf
@@ -1251,9 +1261,10 @@ function with
 \fRSUDO_CONF_ERROR_MSG\fR
 to present additional
 error information to the user.
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 register_hooks
 .nf
@@ -1305,9 +1316,10 @@ front end doesn't support API
 version 1.2 or higher,
 \fRregister_hooks\fR
 will not be called.
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 deregister_hooks
 .nf
@@ -1361,6 +1373,7 @@ version 1.2 or higher,
 \fRderegister_hooks\fR
 will not be called.
 .RE
 .PD
 .PP
 \fIPolicy Plugin Version Macros\fR
 .nf
@@ -1500,7 +1513,7 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 version
 The version passed in by
@@ -1508,6 +1521,7 @@ The version passed in by
 allows the plugin to determine the
 major and minor version number of the plugin API supported by
 \fBsudo\fR.
 .PD
 .TP 6n
 conversation
 A pointer to the
@@ -1675,7 +1689,7 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 exit_status
 The command's exit status, as returned by the
@@ -1686,6 +1700,7 @@ The value of
 is undefined if
 \fRerror\fR
 is non-zero.
 .PD
 .TP 6n
 error
 .br
@@ -1713,7 +1728,7 @@ function is called by
 \fBsudo\fR
 when the user specifies
 the
-\fB-V\fR
+\fB\-V\fR
 option.
 The plugin may display its version information to the user via the
 \fBconversation\fR()
@@ -1724,7 +1739,7 @@ function using
 If the user requests detailed version information, the verbose flag will be set.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 log_ttyin
 .nf
@@ -1745,12 +1760,14 @@ is rejected (which will terminate the command) or \-1 if an error occurred.
 .sp
 The function arguments are as follows:
 .RS
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 buf
 The buffer containing user input.
 .PD
 .TP 6n
 len
 The length of
@@ -1779,10 +1796,11 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 buf
 The buffer containing command output.
 .PD
 .TP 6n
 len
 The length of
@@ -1813,10 +1831,11 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 buf
 The buffer containing user input.
 .PD
 .TP 6n
 len
 The length of
@@ -1847,10 +1866,11 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 buf
 The buffer containing command output.
 .PD
 .TP 6n
 len
 The length of
@@ -1881,10 +1901,11 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 buf
 The buffer containing command output.
 .PD
 .TP 6n
 len
 The length of
@@ -1980,7 +2001,7 @@ If the registered hook does not match the typedef the results are
 unspecified.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 \fRSUDO_HOOK_UNSETENV\fR
 The C library
@@ -1999,9 +2020,10 @@ typedef int (*sudo_hook_fn_unsetenv_t)(const char *name,
 .RE
 .fi
 .RS
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 \fRSUDO_HOOK_GETENV\fR
 The C library
@@ -2023,9 +2045,10 @@ typedef int (*sudo_hook_fn_getenv_t)(const char *name,
 .sp
 If the registered hook does not match the typedef the results are
 unspecified.
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 \fRSUDO_HOOK_PUTENV\fR
 The C library
@@ -2048,9 +2071,10 @@ typedef int (*sudo_hook_fn_putenv_t)(char *string,
 If the registered hook does not match the typedef the results are
 unspecified.
 .RE
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 hook_fn
 sudo_hook_fn_t hook_fn;
@@ -2072,6 +2096,7 @@ This can be used to pass arbitrary data to the plugin's hook implementation.
 .sp
 The function return value may be one of the following:
 .RS
 .PD
 .TP 6n
 \fRSUDO_HOOK_RET_ERROR\fR
 The hook function encountered an error.
@@ -2329,7 +2354,7 @@ The function arguments are as follows:
 .RS
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 version
 The version passed in by
@@ -2337,6 +2362,7 @@ The version passed in by
 allows the plugin to determine the
 major and minor version number of the group plugin API supported by
 \fIsudoers\fR.
 .PD
 .TP 6n
 plugin_printf
 A pointer to a
@@ -2374,7 +2400,7 @@ group checks.
 The plugin should free any memory it has allocated and close open file handles.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 query
 .br
@@ -2395,12 +2421,14 @@ is a member of
 .sp
 The function arguments are as follows:
 .RS
 .PD
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 user
 The name of the user being looked up in the external group database.
 .PD
 .TP 6n
 group
 .br
--- a/doc/sudoers.ldap.man.in
+++ b/doc/sudoers.ldap.man.in
@@ -17,6 +17,8 @@
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .TH "SUDOERS.LDAP" "8" "July 12, 2012" "1.8.6" "OpenBSD System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
 \fBsudoers.ldap\fR
 \- sudo LDAP configuration
@@ -727,14 +729,15 @@ Netscape-derived:
 Tivoli Directory Server:
 \fRtls_cert /usr/ldap/ldapkey.kdb\fR
 .RE
 .sp -1v
 .RS
 .PD 0
 .PP
 .PD
 When using Tivoli LDAP libraries, this file may also contain
 Certificate Authority and client certificates and may be encrypted.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 6n
 \fBTLS_KEYPW\fR \fIsecret\fR
 The
@@ -761,6 +764,7 @@ The default
 that ships with Tivoli Directory Server is encrypted with the password
 \fRssl_password\fR.
 This option is only supported by the Tivoli LDAP libraries.
 .PD
 .TP 6n
 \fBTLS_RANDFILE\fR \fIfile name\fR
 The
@@ -847,10 +851,11 @@ The following sources are recognized:
 files
 read sudoers from
 \fI@sysconfdir@/sudoers\fR
-.sp -1v
+.PD 0
 .TP 10n
 ldap
 read sudoers from LDAP
 .PD
 .PP
 In addition, the entry
 \fR[NOTFOUND=return]\fR
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -22,6 +22,8 @@
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
 .TH "SUDOERS" "@mansectsu@" "July 16, 2012" "1.8.6" "Programmer's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
 \fBsudoers\fR
 \- default sudo security policy module
@@ -86,9 +88,9 @@ Note that mail will not be sent if an unauthorized user tries to
 run
 \fBsudo\fR
 with the
-\fB-l\fR
+\fB\-l\fR
 or
-\fB-v\fR
+\fB\-v\fR
 option.
 This allows users to
 determine for themselves whether or not they are allowed to use
@@ -107,7 +109,7 @@ This can be used by a user to log commands
 through sudo even when a root shell has been invoked.
 It also
 allows the
-\fB-e\fR
+\fB\-e\fR
 option to remain useful even when invoked via a
 sudo-run script or program.
 Note, however, that the
@@ -266,7 +268,7 @@ to preserve them.
 .PP
 As a special case, if
 \fBsudo\fR's
-\fB-i\fR
+\fB\-i\fR
 option (initial login) is
 specified,
 \fIsudoers\fR
@@ -658,7 +660,7 @@ The special command
 is used to permit a user to run
 \fBsudo\fR
 with the
-\fB-e\fR
+\fB\-e\fR
 option (or as
 \fBsudoedit\fR).
 It may take command line arguments just as a normal command does.
@@ -781,11 +783,11 @@ The first
 indicates
 which users the command may be run as via
 \fBsudo\fR's
-\fB-u\fR
+\fB\-u\fR
 option.
 The second defines a list of groups that can be specified via
 \fBsudo\fR's
-\fB-g\fR
+\fB\-g\fR
 option.
 If both
 \fRRunas_List\fRs
@@ -794,7 +796,7 @@ and groups listed in their respective
 \fRRunas_List\fRs.
 If only the first is specified, the command may be run as any user
 in the list but no
-\fB-g\fR
+\fB\-g\fR
 option
 may be specified.
 If the first
@@ -921,9 +923,9 @@ $ sudo -g dialer /usr/bin/cu
 Multiple users and groups may be present in a
 \fRRunas_Spec\fR,
 in which case the user may select any combination of users and groups via the
-\fB-u\fR
+\fB\-u\fR
 and
-\fB-g\fR
+\fB\-g\fR
 options.
 In this example:
 .nf
@@ -1089,7 +1091,7 @@ Note that if
 has been set for a command, the user may disable the
 \fIenv_reset\fR
 option from the command line via the
-\fB-E\fR
+\fB\-E\fR
 option.
 Additionally, environment variables set on the command
 line are not subject to the restrictions imposed by
@@ -1357,7 +1359,7 @@ directory unless one of them contains a syntax error.
 It is still possible to run
 \fBvisudo\fR
 with the
-\fB-f\fR
+\fB\-f\fR
 flag to edit the files directly.
 .SS "Other special characters and reserved words"
 The pound sign
@@ -1449,10 +1451,10 @@ will set the
 \fRHOME\fR
 environment variable to the home directory of the target user
 (which is root unless the
-\fB-u\fR
+\fB\-u\fR
 option is used).
 This effectively means that the
-\fB-H\fR
+\fB\-H\fR
 option is always implied.
 Note that
 \fRHOME\fR
@@ -1486,7 +1488,7 @@ by default.
 closefrom_override
 If set, the user may use
 \fBsudo\fR's
-\fB-C\fR
+\fB\-C\fR
 option which overrides the default starting point at which
 \fBsudo\fR
 begins closing open file descriptors.
@@ -1565,7 +1567,7 @@ and
 lists are displayed when
 \fBsudo\fR
 is run by root with the
-\fB-V\fR
+\fB\-V\fR
 option.
 If the
 \fIsecure_path\fR
@@ -1968,17 +1970,17 @@ set_home
 If enabled and
 \fBsudo\fR
 is invoked with the
-\fB-s\fR
+\fB\-s\fR
 option the
 \fRHOME\fR
 environment variable will be set to the home directory of the target
 user (which is root unless the
-\fB-u\fR
+\fB\-u\fR
 option is used).
 This effectively makes the
-\fB-s\fR
+\fB\-s\fR
 option imply
-\fB-H\fR.
+\fB\-H\fR.
 Note that
 \fRHOME\fR
 is already set when the the
@@ -2006,7 +2008,7 @@ will set the
 and
 \fRUSERNAME\fR
 environment variables to the name of the target user (usually root unless the
-\fB-u\fR
+\fB\-u\fR
 option is given).
 However, since some programs (including the RCS revision control system) use
 \fRLOGNAME\fR
@@ -2046,7 +2048,7 @@ setenv
 Allow the user to disable the
 \fIenv_reset\fR
 option from the command line via the
-\fB-E\fR
+\fB\-E\fR
 option.
 Additionally, environment variables set via the command line are
 not subject to the restrictions imposed by
@@ -2063,7 +2065,7 @@ shell_noargs
 If set and
 \fBsudo\fR
 is invoked with no arguments it acts as if the
-\fB-s\fR
+\fB\-s\fR
 option had been given.
 That is, it runs a shell as root (the shell is determined by the
 \fRSHELL\fR
@@ -2099,14 +2101,14 @@ If set,
 \fBsudo\fR
 will prompt for the password of the user specified
 by the
-\fB-u\fR
+\fB\-u\fR
 option (defaults to
 \fRroot\fR)
 instead of the password of the invoking user.
 In addition, the timestamp file name will include the target user's name.
 Note that this flag precludes the use of a uid not listed in the passwd
 database as an argument to the
-\fB-u\fR
+\fB\-u\fR
 option.
 This flag is
 \fIoff\fR
@@ -2362,7 +2364,7 @@ character, the string
 should be used.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 18n
 iolog_file
 The path name, relative to
@@ -2396,6 +2398,7 @@ will have the
 replaced with a unique combination of digits and letters, similar to the
 mktemp(3)
 function.
 .PD
 .TP 18n
 mailsub
 Subject of the mail sent to the
@@ -2415,7 +2418,7 @@ file.
 .TP 18n
 passprompt
 The default prompt to use when asking for a password; can be overridden via the
-\fB-p\fR
+\fB\-p\fR
 option or the
 \fRSUDO_PROMPT\fR
 environment variable.
@@ -2442,7 +2445,7 @@ and
 flags in
 \fIsudoers\fR)
 .TP 6n
-\fR%U\fR
+\fR\&%U\fR
 expanded to the login name of the user the command will
 be run as (defaults to root)
 .TP 6n
@@ -2462,7 +2465,7 @@ The default value is
 ``\fR@passprompt@\fR''.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 18n
 role
 The default SELinux role to use when constructing a new security
@@ -2473,10 +2476,11 @@ or via command line options.
 This option is only available whe
 \fBsudo\fR
 is built with SELinux support.
 .PD
 .TP 18n
 runas_default
 The default user to run commands as if the
-\fB-u\fR
+\fB\-u\fR
 option is not specified on the command line.
 This defaults to
 \fR@runas_default@\fR.
@@ -2591,13 +2595,14 @@ For more information see
 sudo_plugin(@mansectform@).
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 14n
 lecture
 This option controls when a short lecture will be printed along with
 the password prompt.
 It has the following possible values:
 .RS
 .PD
 .TP 8n
 always
 Always lecture the user.
@@ -2621,7 +2626,7 @@ The default value is
 \fI@lecture@\fR.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 14n
 lecture_file
 Path to a file containing an alternate
@@ -2631,12 +2636,13 @@ file exists.
 By default,
 \fBsudo\fR
 uses a built-in lecture.
 .PD
 .TP 14n
 listpw
 This option controls when a password will be required when a user runs
 \fBsudo\fR
 with the
-\fB-l\fR
+\fB\-l\fR
 option.
 It has the following possible values:
 .RS
@@ -2651,7 +2657,7 @@ flag set to avoid entering a password.
 .TP 10n
 always
 The user must always enter a password to use the
-\fB-l\fR
+\fB\-l\fR
 option.
 .TP 10n
 any
@@ -2664,7 +2670,7 @@ flag set to avoid entering a password.
 .TP 10n
 never
 The user need never enter a password to use the
-\fB-l\fR
+\fB\-l\fR
 option.
 .RE
 .RS
@@ -2679,7 +2685,7 @@ The default value is
 \fIany\fR.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 14n
 logfile
 Path to the
@@ -2690,10 +2696,11 @@ negating this option turns it off.
 By default,
 \fBsudo\fR
 logs via syslog.
 .PD
 .TP 14n
 mailerflags
 Flags to use when invoking mailer. Defaults to
-\fB-t\fR.
+\fB\-t\fR.
 .TP 14n
 mailerpath
 Path to mail program used to send warning mail.
@@ -2771,7 +2778,7 @@ verifypw
 This option controls when a password will be required when a user runs
 \fBsudo\fR
 with the
-\fB-v\fR
+\fB\-v\fR
 option.
 It has the following possible values:
 .RS
@@ -2785,7 +2792,7 @@ flag set to avoid entering a password.
 .TP 8n
 always
 The user must always enter a password to use the
-\fB-v\fR
+\fB\-v\fR
 option.
 .TP 8n
 any
@@ -2797,7 +2804,7 @@ flag set to avoid entering a password.
 .TP 8n
 never
 The user need never enter a password to use the
-\fB-v\fR
+\fB\-v\fR
 option.
 .RE
 .RS
@@ -2842,7 +2849,7 @@ The default list of environment variables to check is displayed when
 \fBsudo\fR
 is run by root with
 the
-\fB-V\fR
+\fB\-V\fR
 option.
 .TP 18n
 env_delete
@@ -2861,7 +2868,7 @@ operators respectively.
 The default list of environment variables to remove is displayed when
 \fBsudo\fR
 is run by root with the
-\fB-V\fR
+\fB\-V\fR
 option.
 Note that many operating systems will remove potentially dangerous
 variables from the environment of any setuid process (such as
@@ -2887,7 +2894,7 @@ The default list of variables to keep
 is displayed when
 \fBsudo\fR
 is run by root with the
-\fB-V\fR
+\fB\-V\fR
 option.
 .SH "SUDO.CONF"
 The
@@ -3100,7 +3107,7 @@ security policy
 .TP 26n
 \fI/etc/environment\fR
 Initial environment for
-\fB-i\fR
+\fB\-i\fR
 mode on AIX and Linux systems
 .SH "EXAMPLES"
 Below are example
--- a/doc/sudoreplay.man.in
+++ b/doc/sudoreplay.man.in
@@ -17,23 +17,25 @@
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .TH "SUDOREPLAY" "@mansectsu@" "July 12, 2012" "1.8.6" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
 \fBsudoreplay\fR
 \- replay sudo session logs
 .SH "SYNOPSIS"
 .HP 11n
 \fBsudoreplay\fR
-[\fB-h\fR]
+[\fB\-h\fR]
-[\fB-d\fR\~\fIdirectory\fR]
+[\fB\-d\fR\ \fIdirectory\fR]
-[\fB-f\fR\~\fIfilter\fR]
+[\fB\-f\fR\ \fIfilter\fR]
-[\fB-m\fR\~\fImax_wait\fR]
+[\fB\-m\fR\ \fImax_wait\fR]
-[\fB-s\fR\~\fIspeed_factor\fR]
+[\fB\-s\fR\ \fIspeed_factor\fR]
 ID
 .HP 11n
 \fBsudoreplay\fR
-[\fB-h\fR]
+[\fB\-h\fR]
-[\fB-d\fR\~\fIdirectory\fR]
+[\fB\-d\fR\ \fIdirectory\fR]
-\fB-l\fR
+\fB\-l\fR
 [search expression]
 .SH "DESCRIPTION"
 \fBsudoreplay\fR
@@ -92,18 +94,19 @@ Double the playback speed.
 \fBsudoreplay\fR
 accepts the following command line options:
 .TP 14n
-\fB-d\fR \fIdirectory\fR
+\fB\-d\fR \fIdirectory\fR
 .br
 Use
 \fIdirectory\fR
 to for the session logs instead of the default,
 \fI@iolog_dir@\fR.
 .TP 14n
-\fB-f\fR \fIfilter\fR
+\fB\-f\fR \fIfilter\fR
 By default,
 \fBsudoreplay\fR
 will play back the command's standard output, standard error and tty output.
 The
-\fB-f\fR
+\fB\-f\fR
 option can be used to select which of these to output.
 The
 \fIfilter\fR
@@ -113,14 +116,14 @@ argument is a comma-separated list, consisting of one or more of following:
 and
 \fIttyout\fR.
 .TP 14n
-\fB-h\fR
+\fB\-h\fR
 The
-\fB-h\fR (\fIhelp\fR)
+\fB\-h\fR (\fIhelp\fR)
 option causes
 \fBsudoreplay\fR
 to print a short help message to the standard output and exit.
 .TP 14n
-\fB-l\fR [\fIsearch expression\fR]
+\fB\-l\fR [\fIsearch expression\fR]
 Enable
 ``list mode''.
 In this mode,
@@ -216,16 +219,16 @@ unless separated by an
 \fIor\fR.
 .PP
 .RE
-.sp -1v
+.PD 0
 .TP 14n
-\fB-m\fR \fImax_wait\fR
+\fB\-m\fR \fImax_wait\fR
 Specify an upper bound on how long to wait between key presses or output data.
 By default,
 \fBsudoreplay\fR
 will accurately reproduce the delays between key presses or program output.
 However, this can be tedious when the session includes long pauses.
 When the
-\fB-m\fR
+\fB\-m\fR
 option is specified,
 \fBsudoreplay\fR
 will limit these pauses to at most
@@ -233,8 +236,9 @@ will limit these pauses to at most
 seconds.
 The value may be specified as a floating point number, e.g.\&
 \fI2.5\fR.
 .PD
 .TP 14n
-\fB-s\fR \fIspeed_factor\fR
+\fB\-s\fR \fIspeed_factor\fR
 This option causes
 \fBsudoreplay\fR
 to adjust the number of seconds it will wait between key presses or
@@ -250,9 +254,9 @@ of
 \fI.5\fR
 would make the output twice as slow.
 .TP 14n
-\fB-V\fR
+\fB\-V\fR
 The
-\fB-V\fR (\fIversion\fR)
+\fB\-V\fR (\fIversion\fR)
 option causes
 \fBsudoreplay\fR
 to print its version number
--- a/doc/visudo.man.in
+++ b/doc/visudo.man.in
@@ -22,14 +22,16 @@
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
 .TH "VISUDO" "@mansectsu@" "July 12, 2012" "1.8.6" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
 \fBvisudo\fR
 \- edit the sudoers file
 .SH "SYNOPSIS"
 .HP 7n
 \fBvisudo\fR
-[\fB-chqsV\fR]
+[\fB\-chqsV\fR]
-[\fB-f\fR\~\fIsudoers\fR]
+[\fB\-f\fR\ \fIsudoers\fR]
 .SH "DESCRIPTION"
 \fBvisudo\fR
 edits the
@@ -123,7 +125,7 @@ the line where the error occurred (if the editor supports this feature).
 accepts the following command line options:
 accepts the following command line options:
 .TP 12n
-\fB-c\fR
+\fB\-c\fR
 Enable
 \fIcheck-only\fR
 mode.
@@ -134,7 +136,7 @@ checked for syntax errors, owner and mode.
 A message will be printed to the standard output describing the status of
 \fIsudoers\fR
 unless the
-\fB-q\fR
+\fB\-q\fR
 option was specified.
 If the check completes successfully,
 \fBvisudo\fR
@@ -143,7 +145,8 @@ If an error is encountered,
 \fBvisudo\fR
 will exit with a value of 1.
 .TP 12n
-\fB-f\fR \fIsudoers\fR
+\fB\-f\fR \fIsudoers\fR
 .br
 Specify and alternate
 \fIsudoers\fR
 file location.
@@ -162,32 +165,32 @@ appended to it.
 In
 \fIcheck-only\fR
 mode only, the argument to
-\fB-f\fR
+\fB\-f\fR
 may be
 `-',
 indicating that
 \fIsudoers\fR
 will be read from the standard input.
 .TP 12n
-\fB-h\fR
+\fB\-h\fR
 The
-\fB-h\fR (\fIhelp\fR)
+\fB\-h\fR (\fIhelp\fR)
 option causes
 \fBvisudo\fR
 to print a short help message
 to the standard output and exit.
 .TP 12n
-\fB-q\fR
+\fB\-q\fR
 Enable
 \fIquiet\fR
 mode.
 In this mode details about syntax errors are not printed.
 This option is only useful when combined with
 the
-\fB-c\fR
+\fB\-c\fR
 option.
 .TP 12n
-\fB-s\fR
+\fB\-s\fR
 Enable
 \fIstrict\fR
 checking of the
@@ -202,9 +205,9 @@ letters, digits, and the underscore
 (`_')
 character.
 .TP 12n
-\fB-V\fR
+\fB\-V\fR
 The
-\fB-V\fR (\fIversion\fR)
+\fB\-V\fR (\fIversion\fR)
 option causes
 \fBvisudo\fR
 to print its version number
@@ -262,7 +265,7 @@ In the latter case, you can ignore the warnings
 will not complain)
 \&.
 In
-\fB-s\fR
+\fB\-s\fR
 (strict) mode these are errors, not warnings.
 .TP 6n
 \fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR
@@ -270,7 +273,7 @@ The specified {User,Runas,Host,Cmnd}_Alias was defined but never
 used.
 You may wish to comment out or remove the unused alias.
 In
-\fB-s\fR
+\fB\-s\fR
 (strict) mode this is an error, not a warning.
 .TP 6n
 \fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR