From cca779eb76ab86e13aabb89e3362e0b59fde4016 Mon Sep 17 00:00:00 2001
From: wangrong <wangrong@uniontech.com>
Date: Wed, 7 Jan 2026 15:44:35 +0800
Subject: [PATCH 1/2] chore: Update compiler flags for security enhancements

As title

Log: Update compiler flags for security enhancements
Bug: https://pms.uniontech.com/bug-view-339563.html
---
 src/CMakeLists.txt | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 6d8563b..7cec02f 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -44,13 +44,17 @@ if(DOTEST)
     endif()
 endif()
 
+# sw_64 上运行时有崩溃, 所以暂时排除该架构
 if (NOT ${CMAKE_SYSTEM_PROCESSOR} MATCHES "sw_64")
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wl,--as-need -fPIE")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error=incompatible-pointer-types -fPIC")
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wl,--as-need -fPIE -Wno-error=incompatible-pointer-types")
-    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie -Wl,-z,relro -Wl,-z,now")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie")
 endif()
 
+# 启用只读重定位/立即绑定，以提高安全性
+set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")
+
 find_package(Qt${QT_VERSION_MAJOR} REQUIRED ${QtModule})
 
 add_definitions(${QT_DEFINITIONS})

From 1bd2e8bc4d652141ac40438ce0ee1614370cde43 Mon Sep 17 00:00:00 2001
From: wangrong <wangrong@uniontech.com>
Date: Wed, 7 Jan 2026 15:58:09 +0800
Subject: [PATCH 2/2] fix: Fix sw64 gcc not support pie by default

Add the -fPIE parameter via CMAKE_POSITION_INDEPENDENT_CODE.
Add the -pie parameter via target_link_options.

Log: Update compiler flags for security enhancements
Bug: https://pms.uniontech.com/bug-view-339563.html
---
 CMakeLists.txt     | 5 ++++-
 src/CMakeLists.txt | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index c44db44..fb3cebd 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022 UnionTech Software Technology Co., Ltd.
+# SPDX-FileCopyrightText: 2022 - 2026 UnionTech Software Technology Co., Ltd.
 #
 # SPDX-License-Identifier: CC0-1.0
 
@@ -7,5 +7,8 @@ project(deepin-ocr)
 
 option(DOTEST "option for test" OFF)
 
+# 启用位置无关代码，提高安全性（ASLR）
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+
 #deepin-ocr
 add_subdirectory(src)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 7cec02f..fccecb7 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2022 UnionTech Software Technology Co., Ltd.
+# SPDX-FileCopyrightText: 2022 - 2026 UnionTech Software Technology Co., Ltd.
 #
 # SPDX-License-Identifier: CC0-1.0
 
@@ -202,6 +202,9 @@ if(DOTEST)
     )
 endif()
 
+# 启用位置无关可执行文件，提高安全性
+target_link_options(${PROJECT_NAME} PRIVATE -pie)
+
 # dde项目，期望CMAKE_INSTALL_PREFIX为/usr
 if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
     set(CMAKE_INSTALL_PREFIX /usr)