From 1fab5892b5c07ad56c2d2fd7b6f28b2755b3d9e6 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Mon, 16 Aug 2021 17:42:16 +0200
Subject: [PATCH 1/2] Add changelog for #3429

---
 changelog/unreleased/pull-3429 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 changelog/unreleased/pull-3429

diff --git a/changelog/unreleased/pull-3429 b/changelog/unreleased/pull-3429
new file mode 100644
index 000000000..6c2d4abaf
--- /dev/null
+++ b/changelog/unreleased/pull-3429
@@ -0,0 +1,12 @@
+Enhancement: Verify that new or modified keys were stored correctly
+
+When adding a new key or changing the password of a key, restic just created the
+new key (and removed the old one, when changing the password). There was no
+verification that the new key was stored correctly and that it work. As the
+repository cannot be decrypted without a valid key file, this could in rare
+cases cause the repository to become inaccessible.
+
+We have added a check that the new key actually works before continuing. This
+can protect against some (rare) cases of hardware or storage problems.
+
+https://github.com/restic/restic/pull/3429

From 5e84f38f3122ac327801bb7df04fc2091697e7c8 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Mon, 16 Aug 2021 18:01:02 +0200
Subject: [PATCH 2/2] Add changelog for #3246

---
 changelog/unreleased/issue-2202 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 changelog/unreleased/issue-2202

diff --git a/changelog/unreleased/issue-2202 b/changelog/unreleased/issue-2202
new file mode 100644
index 000000000..6e7543e83
--- /dev/null
+++ b/changelog/unreleased/issue-2202
@@ -0,0 +1,17 @@
+Enhancement: Add upload checksum for azure, gs, s3 and swift backends
+
+Up to now only the B2 backend and partially the Swift backend verified the
+integrity of uploaded (encrypted) files. The verification works by informing
+the backend about the expected hash of the uploaded file. This allows the
+backend to verify the upload and thereby rules out any data corruption during
+upload.
+
+We have added upload checksums for the azure, gs, s3 and swift backends.
+
+Restic can now be used to store backups in S3 buckets which have Object Lock
+enabled.
+
+https://github.com/restic/restic/issues/2202
+https://github.com/restic/restic/issues/2700
+https://github.com/restic/restic/issues/3023
+https://github.com/restic/restic/pull/3246