[replying to the original post, because I'm not sure where else in the more recent activity on this thread would be more appropriate] On Fri, Nov 11, 2022 at 08:38:18AM +0000, Sam James wrote: > Hi all, > > In Gentoo, we've been planning out what we should do for time64 on glibc [0] > and concluded that we need some support in glibc for a newer option. I'll outline > why below. > ... > > Indeed, the gnulib version of change #2 is exactly how we ended up with > wget/gnutls breaking [1]. I feel this shows that the only approach > "supported" by glibc right now is untenable. > [1] https://bugs.gentoo.org/828001 Now Fedora is also being hit by the gnutls ABI change due to time_t in public interfaces being silently changed. From an IRC conversation I had with Dan Berrange and Rich Jones (I think Rich mean i686 below): <danpb> rjones (IRC): oh wow, the certificates created on i696 are not quite right ..... <danpb> Validity: <danpb> Not Before: Sat Sep 05 00:23:57 UTC 2703 <danpb> Not After: Sun Sep 06 00:23:57 UTC 2703 <danpb> just a few years too early <danpb> i think this is looking like a gnutls regression, downgrading gnutls makes it work ... <danpb> rjones (IRC): hmm, i'm beginning to think gnutls has been miscompiled by gcc <danpb> gnutls_x509_crt_get_activation_time inside the gnutls verification api returns garbage <danpb> but the very same call done from a demo program returns the right answer ... <danpb> OMG, gnulib-- has silently changed gnutls to use 64-bit time_t <danpb> ...which is an ABI incompatibility because gnutls has public APIs which have time_t parameters <danpb> so apps talking to gnutls will expect 32-bit time_t, but gnutls is processing 64-bit time_t <danpb> this is utterly insane -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
