Description of problem:
With the 3.8.0 release of GNUTLS, the public API has broken ABI compatibility on 32-bit platforms which have glibc >= 2.34 present.

The issue affects any GNUTLS API that uses the time_t type.  We detected this because it broken all the libvirt and QEMU unit tests which generate certificates, with errors about the certificate not being active yet.

The problem arose because GNULIB has changed the 'largefile' module so that it probes for the C library exposing _TIME_BITS=64, and if available will set that define. This results in time_t changing from 32-bit in size to 64-bit when gnutls is 
built.

Meanwhile essentially no application that uses GNUTLS will have _TIME_BITS=64 set, and thus they will all be passing/receiving time with a 32-bit time_t.

This means that any application interacting with GNUTLS APIs that involve time_t will be broken on 32-bit hosts with glibc >= 2.34 (when _TIME_BITS=64 arrived).

GNULIB did provide a '--disable-year2038' flag for configure which can be used at build time to disable 64-bit time_t. Essentially everyone who builds GNUTLS today needs to be sure to pass --disable-year2038 to avoid the silent ABI change.

Upstream report with a demo program is https://gitlab.com/gnutls/gnutls/-/issues/1466

--disable-year2038 needs to be added to all Fedora branches

Version-Release number of selected component (if applicable):
gnutls-3.8.0-1.fc37.i686

But affects all Fedora branches with the 3.8.0 rebase (f36, f37, f38, rawhide)

How reproducible:
Always on i686 hosts

Steps to Reproduce:
1. See demo program in upstream bug

Actual results:


Expected results:


Additional info: