author | Peter Maydell <peter.maydell@linaro.org> | 2023-02-15 18:37:27 +0000 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2023-02-15 18:37:27 +0000 |
commit | 0dd47dc5470629ae3ad8830a0b44aea82a6dd8ae (patch) | |
tree | 4f7743d7c48062459b95ee4ff8115daba97c365b /docs | |
parent | 6a50f64ca01d0a7b97f14f069762bfd88160f31e (diff) | |
parent | 36debafddd788066be10b33c5f11b984a08e5c85 (diff) | |
Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging
* Document 'password-secret' option for -iscsi
* Deprecate iSCSI 'password' in favour of 'password-secret'
* Remove deprecated 'password' option for SPICE
* Fix handling of cached read buffers with TLS
# gpg: Signature made Wed 15 Feb 2023 17:46:45 GMT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu:
ui: remove deprecated 'password' option for SPICE
block: deprecate iSCSI 'password' in favour of 'password-secret'
block: mention 'password-secret' option for -iscsi
io/channel-tls: fix handling of bigger read buffers
crypto: TLS: introduce `check_pending`
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/about/deprecated.rst | 16 |
-rw-r--r-- | docs/about/removed-features.rst | 7 |
2 files changed, 15 insertions, 8 deletions
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index cb1ec72..2827b0c 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -66,14 +66,6 @@ and will cause a warning. The replacement for the ``nodelay`` short-form boolean option is ``nodelay=on`` rather than ``delay=off``. -``-spice password=string`` (since 6.0) -'''''''''''''''''''''''''''''''''''''' - -This option is insecure because the SPICE password remains visible in -the process listing. This is replaced by the new ``password-secret`` -option which lets the password be securely provided on the command -line using a ``secret`` object instance. - ``-smp`` ("parameter=0" SMP configurations) (since 6.2) ''''''''''''''''''''''''''''''''''''''''''''''''''''''' @@ -301,6 +293,14 @@ The above, converted to the current supported format:: json:{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"} +``iscsi,password=xxx`` (since 8.0) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Specifying the iSCSI password in plain text on the command line using the +``password`` option is insecure. The ``password-secret`` option should be +used instead, to refer to a ``--object secret...`` instance that provides +a password via a file, or encrypted. + Backwards compatibility ----------------------- diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 4a84e61..e901637 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst 
@@ -428,6 +428,13 @@ respectively. The actual backend names should be used instead. Use ``-drive if=pflash`` to configure the OTP device of the sifive_u RISC-V machine instead. +``-spice password=string`` (removed in 8.0) +''''''''''''''''''''''''''''''''''''''''''' + +This option was insecure because the SPICE password remained visible in +the process listing. This was replaced by the new ``password-secret`` +option which lets the password be securely provided on the command +line using a ``secret`` object instance. QEMU Machine Protocol (QMP) commands ------------------------------------ |
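Review bot: In the docs/about/deprecated.rst hunk at -301, the new ``iscsi,password=xxx`` entry tells users to move to ``password-secret`` but shows no replacement invocation, and its heading does not name the option that carries the ``iscsi,...`` string. The SPICE entry removed earlier in this file was headed ``-spice password=string``, which names the option; a heading in the same style plus a one-line before/after would spare readers looking up the ``--object secret...`` syntax. The phrase "provides a password via a file, or encrypted" would also read more clearly as "from a file, or in encrypted form".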
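Review bot: In the docs/about/removed-features.rst hunk, the added entry is the deprecation text with only the tense changed, so it still calls ``password-secret`` "the new" option although the deprecation it replaces dates from 6.0 and this entry is for 8.0. Suggest dropping "new", and rewording "securely provided on the command line", since the point of the ``secret`` object is that the password itself need not appear there.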