[rdiff-backup-users] Change to librsync

[Frank Crawford]

Folks,

By the looks of it, the following security change to librsync will have
some effect on rdiff-backup:

====
Changes in librsync 1.0.0 (2015-01-23)

* SECURITY: CVE-2014-8242: librsync previously used a truncated MD4
"strong" check sum to match blocks. However, MD4 is not
cryptographically strong. It's possible that an attacker who can control
the contents of one part of a file could use it to control other regions
of the file, if it's transferred using librsync/rdiff. For example this
might occur in a database, mailbox, or VM image containing some
attacker-controlled data.

To mitigate this issue, signatures will by default be computed with a
256-bit BLAKE2 hash. Old versions of librsync will complain about a bad
magic number when given these signature files.

Backward compatibility can be obtained using the new
`rdiff sig --hash=md4`
option or through specifying the "signature magic" in the API, but this
should not be used when either the old or new file contain untrusted
data.

Deltas generated from those signatures will also use BLAKE2 during
generation, but produce output that can be read by old versions.

See https://github.com/librsync/librsync/issues/5

Thanks to Michael Samuel <miknet.net> for reporting this and offering an
initial patch.
====

So, does anyone know what the effect will be on rdiff-backup?

Regards
Frank