From 7b6dd54977ce61d6e03dac73a0af949f88a9e50d Mon Sep 17 00:00:00 2001
From: akwizgran <michael@briarproject.org>
Date: Mon, 27 Oct 2025 12:23:37 +0000
Subject: [PATCH] Update Tor, Lyrebird and Bouncy Castle.

The Bouncy Castle update fixes a CVE in Ed25519 signature verification:
https://www.bouncycastle.org/resources/java-release-1-78-1-is-now-available-for-download/
---
 bramble-android/witness.gradle |  2 ++
 bramble-core/witness.gradle    |  2 +-
 briar-headless/witness.gradle  | 14 +++++++-------
 build.gradle                   |  6 +++---
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/bramble-android/witness.gradle b/bramble-android/witness.gradle
index c1f6d3031..790d3dd64 100644
--- a/bramble-android/witness.gradle
+++ b/bramble-android/witness.gradle
@@ -125,9 +125,11 @@ dependencyVerification {
 		'org.apache-extras.beanshell:bsh:2.0b6:bsh-2.0b6.jar:a17955976070c0573235ee662f2794a78082758b61accffce8d3f8aedcd91047',
 		'org.briarproject:dont-kill-me-lib:0.2.8:dont-kill-me-lib-0.2.8.aar:e21173e480ee3f2364c142cc14db8dc6447be91bde9e62e4985c485ea0af9126',
 		'org.briarproject:jtorctl:0.5:jtorctl-0.5.jar:43f8c7d390169772b9a2c82ab806c8414c136a2a8636c555e22754bb7260793b',
+		'org.briarproject:lyrebird-android:0.6.2:lyrebird-android-0.6.2.jar:2d70a38393ee6f1760a65a33dd971210efa06b5a355ebea829196b61fd9fd11a',
 		'org.briarproject:null-safety:0.1:null-safety-0.1.jar:161760de5e838cb982bafa973df820675d4397098e9a91637a36a306d43ba011',
 		'org.briarproject:onionwrapper-android:0.1.3:onionwrapper-android-0.1.3.aar:15231f0b2ad44df8eb1dd362a989ba3f88ebdc9b02a9128daa72a8da83651bf0',
 		'org.briarproject:onionwrapper-core:0.1.3:onionwrapper-core-0.1.3.jar:32d08c9d81a9591e08d7e64e3569334fee21f503b00514006f2e6cbbd409d0df',
+		'org.briarproject:tor-android:0.4.8.19:tor-android-0.4.8.19.jar:14b52a8b798ba7bd91ce508da39a380de65db5ec79aacec79b05b221d42a116c',
 		'org.checkerframework:checker-compat-qual:2.5.5:checker-compat-qual-2.5.5.jar:11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a',
 		'org.checkerframework:checker-qual:3.33.0:checker-qual-3.33.0.jar:e316255bbfcd9fe50d165314b85abb2b33cb2a66a93c491db648e498a82c2de1',
 		'org.checkerframework:checker-qual:3.41.0:checker-qual-3.41.0.jar:2f9f245bf68e4259d610894f2406dc1f6363dc639302bd566e8272e4f4541172',
diff --git a/bramble-core/witness.gradle b/bramble-core/witness.gradle
index 90ea85c1d..fc938110f 100644
--- a/bramble-core/witness.gradle
+++ b/bramble-core/witness.gradle
@@ -31,7 +31,7 @@ dependencyVerification {
 		'net.ltgt.gradle.incap:incap:0.2:incap-0.2.jar:b625b9806b0f1e4bc7a2e3457119488de3cd57ea20feedd513db070a573a4ffd',
 		'org.apache-extras.beanshell:bsh:2.0b6:bsh-2.0b6.jar:a17955976070c0573235ee662f2794a78082758b61accffce8d3f8aedcd91047',
 		'org.bitlet:weupnp:0.1.4:weupnp-0.1.4.jar:88df7e6504929d00bdb832863761385c68ab92af945b04f0770b126270a444fb',
-		'org.bouncycastle:bcprov-jdk15to18:1.71:bcprov-jdk15to18-1.71.jar:143aaa4a40edd5fc2a18db7900059f6c16f4d931b94b94b20f7e2238e6662886',
+		'org.bouncycastle:bcprov-jdk15to18:1.82:bcprov-jdk15to18-1.82.jar:9c9ccecb08a0b00bd2a74afa6567d81d61a02bba1364f24e33fa0c4c1e929821',
 		'org.briarproject:jtorctl:0.5:jtorctl-0.5.jar:43f8c7d390169772b9a2c82ab806c8414c136a2a8636c555e22754bb7260793b',
 		'org.briarproject:null-safety:0.1:null-safety-0.1.jar:161760de5e838cb982bafa973df820675d4397098e9a91637a36a306d43ba011',
 		'org.briarproject:onionwrapper-core:0.1.3:onionwrapper-core-0.1.3.jar:32d08c9d81a9591e08d7e64e3569334fee21f503b00514006f2e6cbbd409d0df',
diff --git a/briar-headless/witness.gradle b/briar-headless/witness.gradle
index fa9b4660e..35dff9ce4 100644
--- a/briar-headless/witness.gradle
+++ b/briar-headless/witness.gradle
@@ -37,17 +37,17 @@ dependencyVerification {
 		'net.java.dev.jna:jna:5.13.0:jna-5.13.0.jar:66d4f819a062a51a1d5627bffc23fac55d1677f0e0a1feba144aabdd670a64bb',
 		'net.ltgt.gradle.incap:incap:0.2:incap-0.2.jar:b625b9806b0f1e4bc7a2e3457119488de3cd57ea20feedd513db070a573a4ffd',
 		'org.apiguardian:apiguardian-api:1.1.0:apiguardian-api-1.1.0.jar:a9aae9ff8ae3e17a2a18f79175e82b16267c246fbbd3ca9dfbbb290b08dcfdd4',
-		'org.bouncycastle:bcprov-jdk15to18:1.71:bcprov-jdk15to18-1.71.jar:143aaa4a40edd5fc2a18db7900059f6c16f4d931b94b94b20f7e2238e6662886',
+		'org.bouncycastle:bcprov-jdk15to18:1.82:bcprov-jdk15to18-1.82.jar:9c9ccecb08a0b00bd2a74afa6567d81d61a02bba1364f24e33fa0c4c1e929821',
 		'org.briarproject:jtorctl:0.5:jtorctl-0.5.jar:43f8c7d390169772b9a2c82ab806c8414c136a2a8636c555e22754bb7260793b',
-		'org.briarproject:lyrebird-linux:0.5.0-3:lyrebird-linux-0.5.0-3.jar:a89534474556a64c1c965a1816332a6c8bb9f2cffc0d9b533467b9e93d35804f',
-		'org.briarproject:lyrebird-macos:0.5.0-3:lyrebird-macos-0.5.0-3.jar:f9696261bd17c8d8b4080dca955576390376aac3a0601b3776c6da63199303a0',
-		'org.briarproject:lyrebird-windows:0.5.0-3:lyrebird-windows-0.5.0-3.jar:ef2fa77b00b6deeeb30ab7b261ed488cb9463ca3ab83e4cca4f7e26a30eca1b5',
+		'org.briarproject:lyrebird-linux:0.6.2:lyrebird-linux-0.6.2.jar:22afb88d967fe198821fc19859227552e00eee40c361acbb35bf44dfaa4bebcf',
+		'org.briarproject:lyrebird-macos:0.6.2:lyrebird-macos-0.6.2.jar:b56427b8a88de6c5eed153f890e87225ee4f33748a0359350248f0c9e32a73e0',
+		'org.briarproject:lyrebird-windows:0.6.2:lyrebird-windows-0.6.2.jar:13ba4d1a5f709aa4007dc16523515d528c01b86ad0c77a059657416f8ed2fbef',
 		'org.briarproject:null-safety:0.1:null-safety-0.1.jar:161760de5e838cb982bafa973df820675d4397098e9a91637a36a306d43ba011',
 		'org.briarproject:onionwrapper-core:0.1.3:onionwrapper-core-0.1.3.jar:32d08c9d81a9591e08d7e64e3569334fee21f503b00514006f2e6cbbd409d0df',
 		'org.briarproject:onionwrapper-java:0.1.3:onionwrapper-java-0.1.3.jar:a6bc535e8ea55e567c932f23123eabd10ad53251d3a1e5648960b177e7ab209b',
-		'org.briarproject:tor-linux:0.4.8.14:tor-linux-0.4.8.14.jar:53f44e6719a01689f0980055bef5ffa3ee8148215dafab2a592ee693e9c2e335',
-		'org.briarproject:tor-macos:0.4.8.14:tor-macos-0.4.8.14.jar:db2a9ce7581c8d4723aa23ac13a0a2628ad37e0d638b34ff1bbf3d1cb91cdd41',
-		'org.briarproject:tor-windows:0.4.8.14:tor-windows-0.4.8.14.jar:3fc480854850d48f58c957242fdd3124501bd65806d54a339672ae67015f0677',
+		'org.briarproject:tor-linux:0.4.8.19:tor-linux-0.4.8.19.jar:a79b992d4810bfc224c14fe0bcf0b581cd2cc4d9215781c607748a39b88c8f45',
+		'org.briarproject:tor-macos:0.4.8.19:tor-macos-0.4.8.19.jar:86396e70fc2469afd7f26efee68fe0c60e974145ad54637ba181017a86c5b23f',
+		'org.briarproject:tor-windows:0.4.8.19:tor-windows-0.4.8.19.jar:f4fbcc8038badb4f71e2aba7dc289664f23c0836ee71775359ca093f77e2a266',
 		'org.checkerframework:checker-compat-qual:2.5.5:checker-compat-qual-2.5.5.jar:11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a',
 		'org.checkerframework:checker-qual:3.41.0:checker-qual-3.41.0.jar:2f9f245bf68e4259d610894f2406dc1f6363dc639302bd566e8272e4f4541172',
 		'org.eclipse.jetty.websocket:websocket-api:9.4.20.v20190813:websocket-api-9.4.20.v20190813.jar:779a29060cc17bdeeeba147efc884ebff972cfff93dad2d37b11c93f95d4f67b',
diff --git a/build.gradle b/build.gradle
index 99563ad84..8bcce6581 100644
--- a/build.gradle
+++ b/build.gradle
@@ -29,10 +29,10 @@ buildscript {
 		dagger_version = "2.51.1"
 		okhttp_version = "4.12.0"
 		jackson_version = "2.13.4"
-		tor_version = "0.4.8.14"
-		lyrebird_version = "0.5.0-3"
+		tor_version = "0.4.8.19"
+		lyrebird_version = "0.6.2"
 		jsoup_version = '1.15.3'
-		bouncy_castle_version = '1.71' // 1.72 accidentally depends on Java 7
+		bouncy_castle_version = '1.82'
 		junit_version = "4.13.2"
 		jmock_version = '2.12.0'
 		mockwebserver_version = '4.10.0'