fix: enhance build security hardening#328
Merged
deepin-bot[bot] merged 1 commit intolinuxdeepin:masterfrom Jul 3, 2025
Merged
Conversation
deepin-ci-robot
added a commit
to linuxdeepin/dtk6gui
that referenced
this pull request
Jul 3, 2025
Synchronize source files from linuxdeepin/dtkgui. Source-pull-request: linuxdeepin/dtkgui#328
Contributor
|
Warning
详情 {
"export": {
"debian/rules": {
"b": [
"export DEB_BUILD_MAINT_OPTIONS = hardening=+all",
"export DEB_CFLAGS_MAINT_APPEND = -fstack-protector-all -Wall",
"export DEB_CXXFLAGS_MAINT_APPEND = -fstack-protector-all -Wall",
"export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-E"
]
}
}
} |
1. Added security hardening compiler flags in debian/rules including stack protection and RELRO 2. Removed redundant linker flag from dtkgui.cmake that was already set in debian/rules 3. Consolidated security-related build flags in debian/rules for better maintainability 4. The changes improve binary security against common exploits while maintaining compatibility fix: 增强构建安全加固 1. 在debian/rules中添加了安全加固编译标志,包括栈保护和RELRO 2. 从dtkgui.cmake中移除了已在debian/rules中设置的冗余链接器标志 3. 将安全相关的构建标志整合到debian/rules中以提高可维护性 4. 这些改动提高了二进制文件对常见漏洞攻击的防护能力,同时保持兼容性
Contributor
|
Warning
详情 {
"export": {
"debian/rules": {
"b": [
"export DEB_BUILD_MAINT_OPTIONS = hardening=+all",
"export DEB_CFLAGS_MAINT_APPEND = -Wall",
"export DEB_CXXFLAGS_MAINT_APPEND = -Wall",
"export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-E"
]
}
}
} |
deepin-ci-robot
added a commit
to linuxdeepin/dtk6gui
that referenced
this pull request
Jul 3, 2025
Synchronize source files from linuxdeepin/dtkgui. Source-pull-request: linuxdeepin/dtkgui#328
Contributor
deepin pr auto review关键摘要:
是否建议立即修改:
|
mhduiy
approved these changes
Jul 3, 2025
Contributor
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: 18202781743, mhduiy The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Contributor
Author
|
/forcemerge |
Contributor
|
This pr force merged! (status: blocked) |
18202781743
pushed a commit
to linuxdeepin/dtk6gui
that referenced
this pull request
Jul 3, 2025
Synchronize source files from linuxdeepin/dtkgui. Source-pull-request: linuxdeepin/dtkgui#328
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
stack protection and RELRO
in debian/rules
maintainability
maintaining compatibility
fix: 增强构建安全加固