
[AUTOPATCHER-CORE] Upgrade opensc to 0.26.1 for fixing multiple CVEs #13981


Open. Wants to merge 1 commit into base: 3.0-dev

Conversation

CBL-Mariner-Bot (Collaborator) commented Jun 10, 2025

[AUTOPATCHER-CORE] Upgrade opensc to 0.26.1 for fixing Multiple CVEs
Upgrade pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=832115&view=results

buddy build -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=832116&view=results

CVEs

CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (#3219)
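The seven CVE titles above name two bug classes: using a buffer after a call that failed (so its contents are uninitialized) and trusting a length the card reported without comparing it to what was actually received or to the destination buffer. The following C is an added illustration, not OpenSC code: a hypothetical APDU-response reader written the way those classes require, with a constructed stand-in for the card transport and constructed card responses. All names, sizes and data are illustrative.

```c
/* Added example, not OpenSC code: the two bug classes named in the CVE list
 * (using a value after a failed call, and trusting a card-reported length)
 * in a hypothetical APDU-response reader written the safe way. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RESP 256             /* hypothetical fixed-size response buffer */
#define ERR_TRANSPORT        (-1)
#define ERR_INVALID_DATA     (-2)
#define ERR_BUFFER_TOO_SMALL (-3)

/* Constructed stand-in for the card transport. On success it copies the
 * card's bytes into resp and returns how many arrived; on failure it
 * returns a negative code and leaves resp untouched, i.e. uninitialized
 * from the caller's point of view, which is the situation the
 * "missing return-value check" CVEs above mishandle. `fail` forces that path. */
static int transmit_apdu(const uint8_t *card_data, size_t card_len, int fail,
                         uint8_t *resp, size_t resplen)
{
    if (fail)
        return ERR_TRANSPORT;
    if (card_len > resplen)
        card_len = resplen;      /* a real transport truncates at the buffer */
    memcpy(resp, card_data, card_len);
    return (int)card_len;
}

/* Read a TLV-shaped response (tag, one length byte, value) and copy the
 * value into out. A vulnerable reader would (a) ignore rc and read resp[1]
 * even when transmit failed, and (b) copy resp[1] bytes without comparing
 * that length to what was received or to outlen (the "length handling" CVEs). */
int read_tlv_value(const uint8_t *card_data, size_t card_len, int fail,
                   uint8_t *out, size_t outlen)
{
    uint8_t resp[MAX_RESP];
    int rc = transmit_apdu(card_data, card_len, fail, resp, sizeof resp);

    if (rc < 0)                  /* check the return value before touching resp */
        return rc;
    if (rc < 2)                  /* need at least tag + length byte */
        return ERR_INVALID_DATA;

    size_t len = resp[1];
    if (len > (size_t)rc - 2)    /* card claims more bytes than it sent */
        return ERR_INVALID_DATA;
    if (len > outlen)            /* value would not fit the caller's buffer */
        return ERR_BUFFER_TOO_SMALL;

    memcpy(out, resp + 2, len);
    return (int)len;
}

/* Constructed card responses (not captured from any real card). */
static const uint8_t GOOD[]  = { 0x5A, 0x03, 'a', 'b', 'c' };  /* well-formed */
static const uint8_t LYING[] = { 0x5A, 0x10, 'a' };            /* claims 16, sent 1 */

/* Drive read_tlv_value with a scratch buffer of outlen bytes; returns rc. */
int read_into(const uint8_t *card_data, size_t card_len, int fail, size_t outlen)
{
    uint8_t out[MAX_RESP] = { 0 };
    if (outlen > sizeof out)
        outlen = sizeof out;
    return read_tlv_value(card_data, card_len, fail, out, outlen);
}

/* Returns 1 when the well-formed response round-trips to "abc". */
int roundtrip_matches(void)
{
    uint8_t out[MAX_RESP] = { 0 };
    int rc = read_tlv_value(GOOD, sizeof GOOD, 0, out, sizeof out);
    return rc == 3 && memcmp(out, "abc", 3) == 0;
}

int main(void)
{
    printf("good:       %d\n", read_into(GOOD, sizeof GOOD, 0, MAX_RESP));
    printf("lying len:  %d\n", read_into(LYING, sizeof LYING, 0, MAX_RESP));
    printf("small out:  %d\n", read_into(GOOD, sizeof GOOD, 0, 2));
    printf("transport:  %d\n", read_into(GOOD, sizeof GOOD, 1, MAX_RESP));
    printf("truncated:  %d\n", read_into(GOOD, 1, 0, MAX_RESP));
    return roundtrip_matches() ? 0 : 1;
}
```

The order of the checks is the point: the return code is tested before any byte of `resp` is read, and the card-supplied length is bounded by both the received count and the destination size before the copy. Fuzzing a reader like this with the transport failure and the over-long length as inputs is what the upstream fuzz-checker PRs mentioned below exercise.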

kgodara912 (Contributor) commented Jun 10, 2025

PR checks are failing because of access issues.
There are multiple CVEs/bugs fixed as part of the upgrade to 0.26.1. Each CVE has multiple fuzz-checker PRs, which makes porting a time-consuming process. Hence upgrading the version of OpenSC to address all the CVEs.
Release notes: OpenSC 0.26.0 and OpenSC 0.26.1. Will try to fix the license file issue.

Buddy build

kgodara912 changed the title from "[AUTOPATCHER-CORE] Upgrade opensc to 0.26.1 for CVE-2024-45619" to "[AUTOPATCHER-CORE] Upgrade opensc to 0.26.1 for fixing multiple CVEs" on Jun 10, 2025
kgodara912 force-pushed the cblmargh/opensc-upgrade-to-0.26.1-3.0-dev branch from 361c1da to a3097ac on June 10, 2025 06:44
kgodara912 marked this pull request as ready for review on June 10, 2025 09:01
kgodara912 requested a review from a team as a code owner on June 10, 2025 09:01
Kanishk-Bansal (Contributor) commented

Upon re-running, all checks passed.

Buddy Build

LeoMar4 commented Jun 11, 2025

> PR checks are failing because of access issues. There are multiple CVEs/bugs fixed as part of the upgrade to 0.26.1. Each CVE has multiple fuzz-checker PRs, which makes porting a time-consuming process. Hence upgrading the version of OpenSC to address all the CVEs. Release notes: OpenSC 0.26.0 and OpenSC 0.26.1. Will try to fix the license file issue.
>
> Buddy build

@kgodara912 As per the 0.26.0 release notes, can you confirm whether there are any ABI breaks? It looks like there are many changes related to security areas depending on openssl, pkcs-tool and others.

Kanishk-Bansal (Contributor) commented

I have initiated a Full Build.

0xba1a (Contributor) commented Jun 13, 2025

@LeoMar4 will take the stable-maintainer review as he already started reviewing this PR.

kgodara912 (Contributor) commented

@LeoMar4, as per the release-notes descriptions, the following are the changes which may appear to break compatibility. As per the documentation of the bugs, they do not seem to break backward compatibility.

  1. Extend the p11test to support kryoptic OpenSC/OpenSC#3141 -> "This mostly fixes some corner case of the p11test"
  2. Normalize logging of OpenSSL errors OpenSC/OpenSC#2922 -> Logging unification
  3. feat(pkcs11-tool): don't limit object size to 5000 bytes OpenSC/OpenSC#3174 -> Removing a limitation, so it should enhance compatibility
  4. pkcs15-jpki.c - minidriver problem with reading public key OpenSC/OpenSC#3182 -> Bug fix

The following two changes may break the ABI:
OpenSC/OpenSC#3109

> The V1.8 applet has a few differences to the older applets. This causes the OpenSC PKCS#11 module to not be able to sign anything with the Belpic driver on this card.
>
> While the best solution is to implement the required changes to make this work correctly, for the time being it's better to not confuse users by claiming we support the card when in reality we don't.

OpenSC/OpenSC#3152 -> If someone was previously using this card, it may break for them, but these cards seem obsolete and I could not find any reference for purchasing them.

> This PR deactivates the card-mcrd driver due to no recent user or developer activity.
> The only recent changes in the driver concern the EstEID card, support for which was removed in https://github.com/OpenSC/OpenSC/commit/7c19a920d7c94efa3695967b61d6981900503218. For further usage, the driver can be enabled via card_drivers in the configuration file.

From the documentation, I think it can be merged, and if any historical issue comes up, we can address it by reverting.

PR checks and the full build have no failures, and all the packages built fine.
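LeoMar4's ABI question above was answered from the release notes; the check that settles it mechanically is to diff the SONAME and the exported dynamic symbols of libopensc.so between the old and the 0.26.1 build. The script below is an added example, not part of this PR or of OpenSC: library paths are placeholders, GNU binutils (nm, readelf) is assumed, and the symbol lists used to exercise it are constructed, not taken from any real build.

```shell
#!/bin/sh
# Added example, not part of this PR or of OpenSC: compare SONAME and exported
# symbols of two builds of a shared library, e.g. the old and new libopensc.so.
# Library paths are placeholders; nm and readelf from binutils are assumed.
set -eu

# SONAME recorded in the shared object. A changed SONAME is an ABI break by
# definition: every consumer linked against the old name stops loading.
soname_of() {
  readelf -d "$1" | sed -n 's/.*Library soname: \[\(.*\)\].*/\1/p'
}

# Sorted list of exported, defined dynamic symbols (T/W = code, D/B/R = data).
exported_symbols() {
  nm -D --defined-only "$1" | awk 'NF == 3 && $2 ~ /^[TWDBR]$/ { print $3 }' | sort -u
}

# Symbols in the first sorted list that are missing from the second.
# Removed exports are the ABI breaks that consumers hit at load or link time.
removed_symbols() {
  comm -23 "$1" "$2"
}

# Symbols in the second sorted list that the first lacked (additive, not a break).
added_symbols() {
  comm -13 "$1" "$2"
}

# Returns 0 when the SONAME is unchanged and no export disappeared; prints what changed.
abi_compatible() {
  old_so=$1; new_so=$2
  old_syms=$(mktemp); new_syms=$(mktemp)
  exported_symbols "$old_so" > "$old_syms"
  exported_symbols "$new_so" > "$new_syms"
  removed=$(removed_symbols "$old_syms" "$new_syms")
  added=$(added_symbols "$old_syms" "$new_syms")
  rm -f "$old_syms" "$new_syms"
  echo "SONAME: $(soname_of "$old_so") -> $(soname_of "$new_so")"
  [ -n "$added" ]   && printf 'added exports:\n%s\n' "$added"
  [ -n "$removed" ] && printf 'REMOVED exports:\n%s\n' "$removed"
  [ -z "$removed" ] && [ "$(soname_of "$old_so")" = "$(soname_of "$new_so")" ]
}

# Usage: sh abi-check.sh /path/to/old/libopensc.so /path/to/new/libopensc.so
if [ "$#" -eq 2 ]; then
  if abi_compatible "$1" "$2"; then
    echo "no ABI break detected (exports and SONAME unchanged)"
  else
    echo "ABI change detected; review before shipping"
    exit 1
  fi
fi
```

At the package level the same question can be asked of the RPMs with `rpm -qp --provides` on the old and new opensc packages and comparing the `libopensc.so.N` provides; a bumped number there is what would break dependents at install time. Driver deactivations like the card-mcrd one quoted above are not ABI changes and this script will not see them; per the quoted upstream text they are re-enabled with `card_drivers` in opensc.conf, e.g. `card_drivers = mcrd, internal;` inside the `app default` block (syntax as in the stock sample opensc.conf; verify against the file the package ships).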
