HIVE-26254: upgrade calcite to 1.26.0 due to CVE #3315

Closed
pjfanning wants to merge 2 commits

pjfanning
Contributor

What changes were proposed in this pull request?

Upgrade calcite version due to CVE - https://issues.apache.org/jira/browse/HIVE-26254

Why are the changes needed?

Does this PR introduce any user-facing change?

How was this patch tested?

@github-actions

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Feel free to reach out on the dev@hive.apache.org list if the patch is in need of reviews.

@github-actions github-actions bot added the stale label Jul 23, 2022
@pjfanning pjfanning closed this Jul 23, 2022
@ayushtkn
Member

The build results aren't available now, so couldn't check what broke due to this.
Something which can't be fixed?

@pjfanning
Contributor Author

@ayushtkn I can't recall the issue but I think it was non-trivial. I've started a CI build to get the results.

@ayushtkn
Member

Thanks @pjfanning
Seems at least there is some Guava version conflict. Hive and Calcite Guava versions are conflicting, because in a couple of tests I see there is NoSuchMethodException for Guava classes.
Second is some SARG literal and some ClassCastExceptions for it, maybe CALCITE-4716 could be a fix, which is there in 1.28.0 and above.

But I think Guava issue will stay....

@pjfanning
Contributor Author

@ayushtkn I linked a couple of issues on https://issues.apache.org/jira/browse/HIVE-26254 relating to Guava upgrade. Would there be any stomach to try to upgrade guava?

@ayushtkn
Member

I think we need to upgrade guava for other reasons as well. Maybe it would be possible post HIVE-24484. As of today, if you try upgrading guava it will give a bunch of failures due to conflict with the current guava version of hadoop. HADOOP-16924 shades guava, so I think post moving to hadoop-3.3.1, upgrading guava should be possible.

@github-actions github-actions bot removed the stale label Jul 31, 2022
@zabetak
Contributor

zabetak commented Aug 1, 2022

FYI Calcite claims to support all Guava versions from 19.0 to 31.1-jre and there are regular CI tests for both ends:

thus I don't think upgrading Calcite would strictly require Guava upgrade.

Apart from that, Calcite 1.31.0 will be out soon so it may be preferable to upgrade to that version directly.

@pjfanning
Contributor Author

The link to the broken build does not work for me.

https://ci.hive.apache.org/job/hive-precommit/job/PR-3315/1/display/redirect

@ayushtkn
Member

ayushtkn commented Aug 1, 2022

@pjfanning
Contributor Author

pjfanning commented Aug 1, 2022

@ayushtkn that link doesn't work for me -- turns out that Chrome doesn't like that link but it works for me in Safari

@ayushtkn
Member

ayushtkn commented Aug 1, 2022

@zabetak I saw that written in the POM of Calcite as well.
But still I see there is failure due to Guava here:
http://ci.hive.apache.org/job/hive-precommit/job/PR-3315/1/testReport/junit/org.apache.hadoop.hive.cli.split17/TestMiniLlapLocalCliDriver/Testing___split_08___PostProcess___testCliDriver_parquet_map_null_vectorization_/

Maybe we have to exclude the Guava coming from Calcite and then try with the latest version?

@zabetak
Contributor

zabetak commented Aug 1, 2022

Thanks for the pointer @ayushtkn. Indeed the failure is related to Guava and Calcite (most likely due to CALCITE-4259) but it shouldn't require a Guava upgrade. Probably there is a problem in the way Hive shades Calcite in the ql module or something along these lines.

@github-actions

github-actions bot commented Oct 1, 2022

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Feel free to reach out on the dev@hive.apache.org list if the patch is in need of reviews.

@github-actions github-actions bot added the stale label Oct 1, 2022
@pjfanning pjfanning closed this Oct 8, 2022
@pjfanning
Contributor Author

Closed as https://issues.apache.org/jira/browse/HIVE-26254 has been superseded.
