fix: enhance build security hardening

1. Added security hardening compiler flags in debian/rules including
stack protection and RELRO
2. Removed redundant linker flag from dtkgui.cmake that was already set
in debian/rules
3. Consolidated security-related build flags in debian/rules for better
maintainability
4. The changes improve binary security against common exploits while
maintaining compatibility

fix: 增强构建安全加固

1. 在debian/rules中添加了安全加固编译标志，包括栈保护和RELRO
2. 从dtkgui.cmake中移除了已在debian/rules中设置的冗余链接器标志
3. 将安全相关的构建标志整合到debian/rules中以提高可维护性
4. 这些改动提高了二进制文件对常见漏洞攻击的防护能力，同时保持兼容性

Author: 18202781743

debian/rules

@@ -3,6 +3,12 @@ DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/default.mk
 export QT_SELECT = qt5
 
+# 安全编译参数
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall
+export DEB_CXXFLAGS_MAINT_APPEND = -Wall
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-E
+
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 
 VERSION = $(DEB_VERSION_UPSTREAM)

dtkgui.cmake

@@ -43,7 +43,6 @@ set(CONFIG_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}/cmake/Dtk${DTK_VERSION_MAJOR}Gui
 set(PKGCONFIG_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}/pkgconfig")
 
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wall -Wextra -fopenmp")
-set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--as-needed")
 set(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} -pie")
 if (CMAKE_BUILD_TYPE STREQUAL "Debug")
     set(BUILD_TESTING ON)