@18202781743 18202781743 commented Jul 3, 2025

  1. Added DEB_BUILD_MAINT_OPTIONS with hardening=+all for comprehensive
    security
  2. Included -Wall flag for both C and C++ compilers to enable all
    warnings
  3. Added multiple linker security flags (-Wl options) for RELRO,
    immediate binding, and noexecstack protection
  4. Maintained existing -Ofast optimization while adding security
    enhancements

These changes improve the security of the built package by enabling
modern compiler and linker protections against common vulnerabilities
like buffer overflows and code injection attacks.

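fix: add security hardening flags to the build configuration

  1. Add DEB_BUILD_MAINT_OPTIONS and set hardening=+all for comprehensive
    security protection
  2. Add the -Wall flag for the C and C++ compilers to enable all warnings
  3. Add multiple linker security flags (-Wl options) for RELRO, immediate
    binding, and noexecstack protection
  4. Add security enhancements while keeping the existing -Ofast optimization

These changes improve the security of the built package by enabling modern
compiler and linker protections against common vulnerabilities (such as
buffer overflows and code injection attacks).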

Summary by Sourcery

Build:

  • Add DEB_BUILD_MAINT_OPTIONS with hardening=+all, enable -Wall warnings, and include RELRO, immediate binding, and noexecstack linker protections while retaining -Ofast optimization

@18202781743 18202781743 requested review from BLumia and mhduiy July 3, 2025 10:40

sourcery-ai bot commented Jul 3, 2025

Reviewer's Guide

Build configuration updated to enable comprehensive security hardening by setting DEB_BUILD_MAINT_OPTIONS, augmenting compiler warning flags, and tightening linker protections while preserving existing optimizations.

File-Level Changes

| Change | Details | Files |
| --- | --- | --- |
| Enabled comprehensive hardening via DEB_BUILD_MAINT_OPTIONS | Added DEB_BUILD_MAINT_OPTIONS with hardening=+all | debian/rules |
| Activated all compiler warnings | Appended -Wall to CFLAGS; appended -Wall to CXXFLAGS | debian/rules |
| Tightened linker security settings | Included -Wl,-z,relro; included -Wl,-z,now; included -Wl,-z,noexecstack | debian/rules |

@sourcery-ai sourcery-ai bot left a comment

Hey @18202781743 - I've reviewed your changes and they look great!



@deepin-ci-robot

deepin pr auto review

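Key summary:

  • Secure compilation parameters were added to the debian/rules file. This is good practice and helps improve the security of the software.

Is immediate modification recommended:

  • No. The changes in the current commit are reasonable, and no issues requiring immediate modification were found. However, the following additional checks and improvements are suggested:
  1. Code comments: add comments before the added compilation parameters explaining their purpose and effect, so that other developers can understand these changes.

  2. Compilation parameter verification: make sure the added compilation parameters are compatible with the rest of the project and do not introduce any compilation errors or performance problems.

  3. Documentation update: if the project has related documentation, update it to reflect the added compilation parameters, so that all developers are aware of these changes.

  4. Testing: run comprehensive tests after adding these compilation parameters to make sure the changes do not affect the software's functionality or performance.

  5. Version control: if these compilation parameters target a specific version of the software, add corresponding tags or comments in the version control system to make these changes easier to track.

  6. Security assessment: although secure compilation parameters have been added, a security assessment is recommended to confirm that these parameters really do improve the software's security and do not introduce other potential security issues.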
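
One way to carry out the verification the review asks for, as an added example that is not part of the original thread or the project's code: a Python check that reads an ELF64 binary's program headers and dynamic section for the three linker protections named in this PR (RELRO, immediate binding, non-executable stack), plus PIE. The function names and the two sample images are constructed for illustration; the samples are header-only byte strings, not real build output.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, PF_X, ET_DYN = 0x8, 0x1, 0x1, 3

def check_hardening(elf: bytes) -> dict:
    """Report RELRO, BIND_NOW, stack and PIE status of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    relro = bind_now = nx_stack = False  # no PT_GNU_STACK header counts as unproven
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:        # produced by -Wl,-z,relro
            relro = True
        elif p_type == PT_GNU_STACK:      # -Wl,-z,noexecstack clears PF_X here
            nx_stack = not p_flags & PF_X
        elif p_type == PT_DYNAMIC:        # -Wl,-z,now sets a BIND_NOW flag here
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", elf, off)
                if tag == DT_NULL:
                    break
                bind_now |= (tag == DT_BIND_NOW
                             or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                             or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    # RELRO is only "full" when lazy binding is off, so the GOT is read-only too.
    level = "full" if relro and bind_now else "partial" if relro else "none"
    # ET_DYN is also the type of shared libraries, so "pie" is meaningful for executables.
    return {"relro": level, "bind_now": bind_now,
            "nx_stack": nx_stack, "pie": e_type == ET_DYN}

def build_sample(stack_flags: int, dyn_entries: list, relro: bool = True) -> bytes:
    """Constructed sample: ELF64 headers only (not loadable), for offline demonstration."""
    phdrs = [(PT_GNU_STACK, stack_flags, 0, 0)]
    if relro:
        phdrs.append((PT_GNU_RELRO, 4, 0, 0))
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    phdrs.append((PT_DYNAMIC, 6, 64 + 56 * (len(phdrs) + 1), len(dyn)))
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, s, s, 8)
                           for t, f, o, s in phdrs) + dyn

HARDENED = build_sample(6, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)])
WEAK = build_sample(7, [], relro=False)  # RWX stack, lazy binding, no RELRO
```

To check a real build artifact, pass the file's bytes, for example `check_hardening(open(path, "rb").read())`, and fail the CI job when any field is weaker than expected.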

@deepin-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 18202781743, mhduiy

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@18202781743 18202781743 merged commit 918e44d into linuxdeepin:master Jul 3, 2025
9 of 10 checks passed