HADOOP-18484. Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853

[ashutoshcipher]

Description of PR

Upgrade hsqldb to v2.7.1 to mitigate CVE-2022-41853

Cherry-picked e62ba16 for branch-3.3

How was this patch tested?

For code changes:

• Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
• Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

[ashutoshcipher]

@adoroszlai please help in reviewing the follow-up PR for branch-3.3

[hadoop-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 43s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+0 🆗	shelldocs	0m 0s		Shelldocs was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ branch-3.3 Compile Tests _
+0 🆗	mvndep	15m 47s		Maven dependency ordering for branch
+1 💚	mvninstall	24m 6s		branch-3.3 passed
+1 💚	compile	18m 20s		branch-3.3 passed
+1 💚	mvnsite	20m 34s		branch-3.3 passed
+1 💚	javadoc	7m 9s		branch-3.3 passed
+1 💚	shadedclient	30m 13s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+0 🆗	mvndep	0m 30s		Maven dependency ordering for patch
+1 💚	mvninstall	26m 10s		the patch passed
+1 💚	compile	17m 41s		the patch passed
+1 💚	javac	17m 41s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	20m 4s		the patch passed
+1 💚	shellcheck	0m 0s		No new issues.
+1 💚	javadoc	7m 0s		the patch passed
+1 💚	shadedclient	31m 13s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
-1 ❌	unit	694m 43s	/patch-unit-root.txt	root in the patch passed.
+1 💚	asflicense	2m 25s		The patch does not generate ASF License warnings.
		905m 22s

Reason	Tests
Failed junit tests	hadoop.hdfs.server.balancer.TestBalancer
	hadoop.hdfs.server.blockmanagement.TestPendingInvalidateBlock
	hadoop.hdfs.server.datanode.TestBPOfferService
	hadoop.yarn.server.timelineservice.security.TestTimelineAuthFilterForV2

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5101/3/artifact/out/Dockerfile
GITHUB PR	#5101
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint shellcheck shelldocs
uname	Linux c4c60ba27143 4.15.0-191-generic #202-Ubuntu SMP Thu Aug 4 01:49:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	branch-3.3 / 9cca0c3
Default Java	Private Build-1.8.0_342-8u342-b07-0ubuntu1~18.04-b07
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5101/3/testReport/
Max. process+thread count	3352 (vs. ulimit of 5500)
modules	C: hadoop-project hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient hadoop-mapreduce-project/hadoop-mapreduce-examples hadoop-mapreduce-project . U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5101/3/console
versions	git=2.17.1 maven=3.6.0 shellcheck=0.4.6
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

[adoroszlai]

The 4 failed tests passed locally (twice) and had no issue with the same patch on either branch-3.2 or trunk, so I assume they are flaky.

[ashutoshcipher]

Thanks @adoroszlai for validating. Looks good to commit to 3.3 as well.