doc: Fix spelling errors found by lintian.

--

Reported-by: Andreas Metzler <ametzler@debian.org>

NEWS

@@ -1398,7 +1398,7 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
   Changes also found in 2.2.12:
 
   * tools: New commands --install-key and --remove-key for
-    gpg-wks-client.  This allows to prepare a Web Key Directory on a
+    gpg-wks-client.  This allows one to prepare a Web Key Directory on a
     local file system for later upload to a web server.
 
   * gpg: New --list-option "show-only-fpr-mbox".  This makes the use
@@ -1442,7 +1442,7 @@ Noteworthy changes in version 2.3.0 (2021-04-07)
     query.
 
   * gpg: Do not store the TOFU trust model in the trustdb.  This
-    allows to enable or disable a TOFO model without triggering a
+    allows one to enable or disable a TOFO model without triggering a
     trustdb rebuild.  [#4134]
 
   * scd: Fix cases of "Bad PIN" after using "forcesig".  [#4177]
@@ -1861,7 +1861,7 @@ Noteworthy changes in version 2.1.23 (2017-08-09)
     to your gpg.conf.
 
   * agent: Option --no-grab is now the default.  The new option --grab
-    allows to revert this.
+    allows one to revert this.
 
   * gpg: New import option "show-only".
 
@@ -2991,7 +2991,7 @@ Noteworthy changes in version 2.1.0 (2014-11-06)
  * gpg: Allow use of Brainpool curves.
 
  * gpg: Accepts a space separated fingerprint as user ID.  This
-   allows to copy and paste the fingerprint from the key listing.
+   allows one to copy and paste the fingerprint from the key listing.
 
  * gpg: The hash algorithm is now printed for signature records in key
    listings.
@@ -3771,7 +3771,7 @@ Noteworthy changes in version 1.9.10 (2004-07-22)
 
  * Fixed a serious bug in the checking of trusted root certificates.
 
- * New configure option --enable-agent-pnly allows to build and
+ * New configure option --enable-agent-only allows one to build and
    install just the agent.
 
  * Fixed a problem with the log file handling.
@@ -4166,7 +4166,7 @@ Noteworthy changes in version 1.1.92 (2002-09-11)
       extension specified with --load-extension are checked, along
       with their enclosing directories.
 
-    * The configure option --with-static-rnd=auto allows to build gpg
+    * The configure option --with-static-rnd=auto allows one to build gpg
       with all available entropy gathering modules included.  At
       runtime the best usable one will be selected from the list
       linux, egd, unix.  This is also the default for systems lacking
@@ -4549,7 +4549,7 @@ Noteworthy changes in version 1.0.2 (2000-07-12)
     * New command --export-secret-subkeys which outputs the
       the _primary_ key with it's secret parts deleted.  This is
       useful for automated decryption/signature creation as it
-      allows to keep the real secret primary key offline and
+      allows one to keep the real secret primary key offline and
       thereby protecting the key certificates and allowing to
       create revocations for the subkeys.  See the FAQ for a
       procedure to install such secret keys.

common/compliance.c

@@ -41,7 +41,7 @@ static int initialized;
 static int module;
 
 /* This value is used by DSA and RSA checks in addition to the hard
- * coded length checks.  It allows to increase the required key length
+ * coded length checks.  It allows one to increase the required key length
  * using a confue file.  */
 static unsigned int min_compliant_rsa_length;
 

common/tlv.c

@@ -152,7 +152,7 @@ find_tlv_unchecked (const unsigned char *buffer, size_t length,
 /* ASN.1 BER parser: Parse BUFFER of length SIZE and return the tag
  * and the length part from the TLV triplet.  Update BUFFER and SIZE
  * on success.  Note that this function does not check that the value
- * fits into the provided buffer; this allows to work on the TL part
+ * fits into the provided buffer; this allows one to work on the TL part
  * of a TLV. */
 gpg_error_t
 parse_ber_header (unsigned char const **buffer, size_t *size,

dirmngr/dirmngr_ldap.c

@@ -107,7 +107,7 @@ static gpgrt_opt_t opts[] = {
                                " a record oriented format"},
   { oProxy,    "proxy",     2,
                 "|NAME|ignore host part and connect through NAME"},
-  { oStartTLS, "starttls",  0, "use STARTLS for the conenction"},
+  { oStartTLS, "starttls",  0, "use STARTLS for the connection"},
   { oLdapTLS,  "ldaptls",   0, "use a TLS for the connection"},
   { oNtds,     "ntds",      0, "authenticate using AD"},
   { oARecOnly, "areconly",  0, "do only an A record lookup"},

dirmngr/http.c

@@ -2882,7 +2882,7 @@ send_request (ctrl_t ctrl,
 
   if (proxy && proxy->is_http_proxy)
     {
-      use_http_proxy = 1;  /* We want to use a proxy for the conenction.  */
+      use_http_proxy = 1;  /* We want to use a proxy for the connection.  */
       err = connect_server (ctrl,
                             *proxy->uri->host ? proxy->uri->host : "localhost",
                             proxy->uri->port ? proxy->uri->port : 80,
@@ -4411,7 +4411,7 @@ same_host_p (parsed_uri_t a, parsed_uri_t b)
     }
 
   /* Also consider hosts the same if they differ only in a subdomain;
-   * in both direction.  This allows to have redirection between the
+   * in both direction.  This allows one to have redirection between the
    * WKD advanced and direct lookup methods. */
   for (i=0; i < DIM (subdomains); i++)
     {

dirmngr/ks-engine-ldap.c

@@ -605,7 +605,7 @@ interrogate_ldap_dn (LDAP *ldap_conn, const char *basedn_search,
  * including whether to use TLS and the username and password (see
  * ldap_parse_uri for a description of the various fields).  Be
  * default a PGP keyserver is assumed; if GENERIC is true a generic
- * ldap conenction is instead established.
+ * ldap connection is instead established.
  *
  * Returns: The ldap connection handle in *LDAP_CONNP, R_BASEDN is set
  * to the base DN for the PGP key space, several flags will be stored

dirmngr/server.c

@@ -3325,7 +3325,7 @@ dirmngr_status_help (ctrl_t ctrl, const char *text)
 
 
 /* Print a help status line using a printf like format.  The function
- * splits text at LFs.  With CTRL beeing NULL, the function behaves
+ * splits text at LFs.  With CTRL being NULL, the function behaves
  * like log_info.  */
 gpg_error_t
 dirmngr_status_helpf (ctrl_t ctrl, const char *format, ...)

doc/dirmngr.texi

@@ -172,7 +172,7 @@ socket.
 Set compatibility flags to work around certain problems or to emulate
 bugs.  The @var{flags} are given as a comma separated list of flag
 names and are OR-ed together.  The special flag "none" clears the list
-and allows to start over with an empty list.  To get a list of
+and allows one to start over with an empty list.  To get a list of
 available flags the sole word "help" can be used.
 
 @item --faked-system-time @var{epoch}

doc/gpg-agent.texi

@@ -302,7 +302,7 @@ debugging.
 @item --steal-socket
 @opindex steal-socket
 In @option{--daemon} mode, gpg-agent detects an already running
-gpg-agent and does not allow to start a new instance. This option can
+gpg-agent and does not allow one to start a new instance. This option can
 be used to override this check: the new gpg-agent process will try to
 take over the communication sockets from the already running process
 and start anyway.  This option should in general not be used.
@@ -643,7 +643,7 @@ gpg-agent as a replacement for PuTTY's Pageant, the option
 In this mode of operation, the agent does not only implement the
 gpg-agent protocol, but also the agent protocol used by OpenSSH
 (through a separate socket or via Named Pipes) or the protocol used by
-PuTTY.  Consequently, this allows to use the gpg-agent as a drop-in
+PuTTY.  Consequently, this allows one to use the gpg-agent as a drop-in
 replacement for the ssh-agent.
 
 SSH keys, which are to be used through the agent, need to be added to
@@ -693,7 +693,7 @@ The order in which keys are presented to ssh are:
 @item Negative Use-for-ssh values
       If a key file has the attribute "Use-for-ssh" and its value is
       negative, these keys are presented first to ssh.  The negative
-      values are capped at -999 with -999 beeing lower ranked than -1.
+      values are capped at -999 with -999 being lower ranked than -1.
       These values can be used to prefer on-disk keys over keys taken
       from active cards.
 

doc/gpg-card.texi

@@ -226,7 +226,7 @@ OpenPGP or X.509 keys.
 @item LOGIN [--clear] [< @var{file}]
 @opindex login
 Set the login data object of OpenPGP cards.  If @var{file} is given
-the data is is read from that file.  This allows to store binary data
+the data is is read from that file.  This allows one to store binary data
 in the login field.  The option @option{--clear} deletes the login
 data object.
 

doc/gpg.texi

@@ -716,7 +716,7 @@ inserted smartcard, the special string ``card'' can be used for
 will figure them out and creates an OpenPGP key consisting of the
 usual primary key and one subkey.  This works only with certain
 smartcards.  Note that the interactive @option{--full-gen-key} command
-allows to do the same but with greater flexibility in the selection of
+allows one to do the same but with greater flexibility in the selection of
 the smartcard keys.
 
 Note that it is possible to create a primary key and a subkey using
@@ -1947,20 +1947,20 @@ list.  The default is "local,wkd".
 
   @item ntds
   Locate the key using the Active Directory (Windows only).  This
-  method also allows to search by fingerprint using the command
+  method also allows one to search by fingerprint using the command
   @option{--locate-external-key}.  Note that this mechanism is
   actually a shortcut for the mechanism @samp{keyserver} but using
   "ldap:///" as the keyserver.
 
   @item keyserver
-  Locate a key using a keyserver.  This method also allows to search
+  Locate a key using a keyserver.  This method also allows one to search
   by fingerprint using the command @option{--locate-external-key} if
   any of the configured keyservers is an LDAP server.
 
   @item keyserver-URL
   In addition, a keyserver URL as used in the @command{dirmngr}
   configuration may be used here to query that particular keyserver.
-  This method also allows to search by fingerprint using the command
+  This method also allows one to search by fingerprint using the command
   @option{--locate-external-key} if the URL specifies an LDAP server.
 
   @item local
@@ -3151,7 +3151,7 @@ Prompt before overwriting any files.
 Set compatibility flags to work around problems due to non-compliant
 keys or data.  The @var{flags} are given as a comma separated
 list of flag names and are OR-ed together.  The special flag "none"
-clears the list and allows to start over with an empty list.  To get a
+clears the list and allows one to start over with an empty list.  To get a
 list of available flags the sole word "help" can be used.
 
 @item --debug-level @var{level}
@@ -3207,7 +3207,7 @@ and may thus be changed or removed at any time without notice.
 
 @item --debug-allow-large-chunks
 @opindex debug-allow-large-chunks
-To facilitate software tests and experiments this option allows to
+To facilitate software tests and experiments this option allows one to
 specify a limit of up to 4 EiB (@code{--chunk-size 62}).
 
 @item --debug-ignore-expiration
@@ -3646,7 +3646,7 @@ not need to be listed explicitly.
 @opindex allow-weak-key-signatures
 To avoid a minor risk of collision attacks on third-party key
 signatures made using SHA-1, those key signatures are considered
-invalid.  This options allows to override this restriction.
+invalid.  This options allows one to override this restriction.
 
 @item --override-compliance-check
 This was a temporary introduced option and has no more effect.
@@ -4111,7 +4111,7 @@ Operation is further controlled by a few environment variables:
 
   @item GNUPG_EXEC_DEBUG_FLAGS
   @efindex GNUPG_EXEC_DEBUG_FLAGS
-  This variable allows to enable diagnostics for process management.
+  This variable allows one to enable diagnostics for process management.
   A numeric decimal value is expected.  Bit 0 enables general
   diagnostics, bit 1 enables certain warnings on Windows.
 

doc/gpgsm.texi

@@ -767,7 +767,7 @@ is given as fingerprint or keygrip.
 Set compatibility flags to work around problems due to non-compliant
 certificates or data.  The @var{flags} are given as a comma separated
 list of flag names and are OR-ed together.  The special flag "none"
-clears the list and allows to start over with an empty list.  To get a
+clears the list and allows one to start over with an empty list.  To get a
 list of available flags the sole word "help" can be used.
 
 @item --debug-level @var{level}

doc/scdaemon.texi

@@ -309,7 +309,7 @@ with lower priority should be used by default.
 
 @item --application-priority @var{namelist}
 @opindex application-priority
-This option allows to change the order in which applications of a card
+This option allows one to change the order in which applications of a card
 a tried if no specific application was requested.  @var{namelist} is a
 space or comma delimited list of application names.  Unknown names are
 simply skipped.  Applications not mentioned in the list are put in the

doc/tools.texi

@@ -400,7 +400,7 @@ expected in the current GnuPG home directory.  This command is usually
 not required because GnuPG is able to detect and remove stale lock
 files.  Before using the command make sure that the file protected by
 the lock file is actually not in use.  The lock command may be used to
-lock an accidently removed lock file.  Note that the commands have no
+lock an accidentally removed lock file.  Note that the commands have no
 effect on Windows because the mere existence of a lock file does not
 mean that the lock is active.
 

g10/getkey.c

@@ -1921,7 +1921,7 @@ get_pubkey_byfprint_fast (ctrl_t ctrl, PKT_public_key * pk,
  * R_HD may be NULL.  If LOCK is set the handle has been opend in
  * locked mode and keydb_disable_caching () has been called.  On error
  * R_KEYBLOCK is set to NULL but R_HD must be released by the caller;
- * it may have a value of NULL, though.  This allows to do an insert
+ * it may have a value of NULL, though.  This allows one to do an insert
  * operation on a locked keydb handle.  */
 gpg_error_t
 get_keyblock_byfprint_fast (ctrl_t ctrl,

g10/mainproc.c

@@ -898,7 +898,7 @@ proc_encrypted (CTX c, PACKET *pkt)
    * encrypted packet.  */
   literals_seen++;
 
-  /* The --require-compliance option allows to simplify decryption in
+  /* The --require-compliance option allows one to simplify decryption in
    * de-vs compliance mode by just looking at the exit status.  */
   if (opt.flags.require_compliance
       && opt.compliance == CO_DE_VS

scd/app-nks.c

@@ -1613,7 +1613,7 @@ verify_pin (app_t app, int pwid, const char *desc,
   memset (&pininfo, 0, sizeof pininfo);
   pininfo.fixedlen = -1;
 
-  /* FIXME: TCOS allows to read the min. and max. values - do this.  */
+  /* FIXME: TCOS allows one to read the min. and max. values - do this.  */
   if (app->appversion == 15)
     {
       if (app->app_local->active_nks_app == NKS_APP_NKS && pwid == 0x03)

tests/openpgp/README

@@ -99,7 +99,7 @@ suite.
 This envvar gives the root directory of the build tree.  See
 tests/gpgconf.ctl.in for the way we tell the GnuPG components this
 location.  Note that we can't use that envvar directly because this
-would allow user scripts and other software to accidently mess up the
+would allow user scripts and other software to accidentally mess up the
 used components.
 **** argv[0]
 run-tests.scm depends on being able to re-exec gpgscm.  It uses

tools/gpg-card.c

@@ -402,7 +402,7 @@ nullnone (const char *s)
  * success returns 0 and stores the number of bytes read at R_BUFLEN
  * and the address of a newly allocated buffer at R_BUFFER.  A
  * complementary nul byte is always appended to the data but not
- * counted; this allows to pass NULL for R-BUFFER and consider the
+ * counted; this allows one to pass NULL for R-BUFFER and consider the
  * returned data as a string. */
 static gpg_error_t
 get_data_from_file (const char *fname, char **r_buffer, size_t *r_buflen)

tools/watchgnupg.c

@@ -461,7 +461,7 @@ main (int argc, char **argv)
   if (!tcp && argc == 1)
     ;
   else if (tcp && (argc == 1 || argc == 2))
-    ; /* Option --tcp optionally allows to also read from a socket. */
+    ; /* Option --tcp optionally allows one to also read from a socket. */
   else if (!tcp && !argc)
     {
       /* No args given - figure out the socket using gpgconf.  We also