From 0b33c56ef0d810c1e7c7b98c40192caf7f0c726b Mon Sep 17 00:00:00 2001 From: dengzhongyuan Date: Thu, 19 Jun 2025 16:42:42 +0800 Subject: [PATCH 1/2] chore: Update compiler flags for security enhancements - Added -fPIE to QMAKE_CFLAGS and QMAKE_CXXFLAGS for position-independent code. - Ensured consistent security compilation flags across all project files. Log: Update compiler flags for improved security --- src/app/app.pro | 6 +++--- src/libdbm/libdbm.pro | 6 +++--- src/service/service.pro | 6 +++--- src/vendor/src/libxsys/libxsys.pro | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/app/app.pro b/src/app/app.pro index d5f43c01..58e6af35 100644 --- a/src/app/app.pro +++ b/src/app/app.pro @@ -4,9 +4,9 @@ TEMPLATE = app TARGET = deepin-boot-maker #添加安全编译参数 -QMAKE_LFLAGS += -z noexecstack -pie -fPIC -z relro -z now -QMAKE_CFLAGS += -fstack-protector-all -QMAKE_CXXFLAGS += -fstack-protector-all +QMAKE_LFLAGS += -z noexecstack -pie -z relro -z now +QMAKE_CFLAGS += -fstack-protector-all -fPIE +QMAKE_CXXFLAGS += -fstack-protector-all -fPIE ## 添加内存泄露检测 #CONFIG(debug, debug|release) { diff --git a/src/libdbm/libdbm.pro b/src/libdbm/libdbm.pro index a7464d03..7e3c7a5f 100644 --- a/src/libdbm/libdbm.pro +++ b/src/libdbm/libdbm.pro @@ -8,9 +8,9 @@ TEMPLATE = lib CONFIG += staticlib c++11 link_pkgconfig #添加安全编译参数 -QMAKE_LFLAGS += -z noexecstack -pie -fPIC -z relro -z now -QMAKE_CFLAGS += -fstack-protector-all -QMAKE_CXXFLAGS += -fstack-protector-all +QMAKE_LFLAGS += -z noexecstack -pie -z relro -z now +QMAKE_CFLAGS += -fstack-protector-all -fPIE +QMAKE_CXXFLAGS += -fstack-protector-all -fPIE diff --git a/src/service/service.pro b/src/service/service.pro index 39528548..ed4361be 100644 --- a/src/service/service.pro +++ b/src/service/service.pro @@ -9,9 +9,9 @@ CONFIG += console link_pkgconfig CONFIG -= app_bundle #添加安全编译参数 -QMAKE_LFLAGS += -z noexecstack -pie -fPIC -z relro -z now -QMAKE_CFLAGS += -fstack-protector-all -QMAKE_CXXFLAGS += -fstack-protector-all +QMAKE_LFLAGS += -z noexecstack -pie -z relro -z now +QMAKE_CFLAGS += -fstack-protector-all -fPIE +QMAKE_CXXFLAGS += -fstack-protector-all -fPIE TEMPLATE = app diff --git a/src/vendor/src/libxsys/libxsys.pro b/src/vendor/src/libxsys/libxsys.pro index 9afb1e83..e1de3620 100644 --- a/src/vendor/src/libxsys/libxsys.pro +++ b/src/vendor/src/libxsys/libxsys.pro @@ -11,9 +11,9 @@ TEMPLATE = lib CONFIG += staticlib #添加安全编译参数 -QMAKE_LFLAGS += -z noexecstack -pie -fPIC -z relro -z now -QMAKE_CFLAGS += -fstack-protector-all -QMAKE_CXXFLAGS += -fstack-protector-all +QMAKE_LFLAGS += -z noexecstack -pie -z relro -z now +QMAKE_CFLAGS += -fstack-protector-all -fPIC +QMAKE_CXXFLAGS += -fstack-protector-all -fPIC DEFINES += QT_MESSAGELOGCONTEXT From c052ecb90e53398ef192968679732f24607d8700 Mon Sep 17 00:00:00 2001 From: dengzhongyuan Date: Thu, 19 Jun 2025 16:44:24 +0800 Subject: [PATCH 2/2] chore(version): bump debian version to 6.0.5 --- debian/changelog | 6 ++++++ src/libdbm/libdbm.pro | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 9d68f5af..26718d62 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +deepin-boot-maker (6.0.5) unstable; urgency=medium + + * chore: Update compiler flags for security enhancements + + -- dengzhongyuan Thu, 19 Jun 2025 16:44:18 +0800 + deepin-boot-maker (6.0.4) unstable; urgency=medium * chore: Update dman's resource diff --git a/src/libdbm/libdbm.pro b/src/libdbm/libdbm.pro index 7e3c7a5f..a3f011f6 100644 --- a/src/libdbm/libdbm.pro +++ b/src/libdbm/libdbm.pro @@ -9,8 +9,8 @@ CONFIG += staticlib c++11 link_pkgconfig #添加安全编译参数 QMAKE_LFLAGS += -z noexecstack -pie -z relro -z now -QMAKE_CFLAGS += -fstack-protector-all -fPIE -QMAKE_CXXFLAGS += -fstack-protector-all -fPIE +QMAKE_CFLAGS += -fstack-protector-all -fPIC +QMAKE_CXXFLAGS += -fstack-protector-all -fPIC