fix(opensc): CVE-2026-10275

[deepin-ci-robot]

CVE 修复

CVE ID: CVE-2026-10275

漏洞描述: OpenSC pkcs11-tool 中的 test_kpgen_certwrite 函数在处理 PKCS#11 模块或智能卡返回的 CKA_ID 属性时，未进行边界检查即将数据复制到固定的 100 字节全局缓冲区 opt_object_id，导致全局缓冲区溢出。

修复方案: 在 memcpy 前添加长度校验，如果返回的 CKA_ID 长度超过目标缓冲区大小（100字节），则报错退出。

受影响版本: OpenSC <= 0.26.1

当前版本: 0.25.1-1deepin5

验证状态: patch 已验证

---

Fix-Approach: patch
Generated by: CVE-Fixer Agent
Co-Authored-By: hudeng hudeng@deepin.org

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zccrs for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• https:/raw.githubusercontent.com/deepin-community/template-repository/master/debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

TAG Bot

TAG: 0.25.1-1deepin6
EXISTED: no
DISTRIBUTION: unstable

[hudeng-go]

patch内容和标注的上游不一致，原因为上游版本与当前差异比较大，是正常的。

[hudeng-go]

/integrate

[github-actions]

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#4162
PrNumber: 4162
PrBranch: auto-integration-27731047231