Bug 2232563 - HTTP2 connection fails with "curl: (16) Error in the HTTP2 framing layer"
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: curl
Version: 8.8
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Jacek Migacz
QA Contact: Daniel Rusek
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-08-17 11:43 UTC by Renaud Métrich
Modified: 2023-08-17 12:50 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Issue Tracker | RHELPLAN-165971 | 0 | None | None | None | 2023-08-17 11:57:40 UTC

Description Renaud Métrich 2023-08-17 11:43:48 UTC
Description of problem:

We have a customer using curl to query his Satellite 16.3 server.
When using HTTP2, curl fails after some time with the following error message:

curl: (16) Error in the HTTP2 framing layer

Digging into this, we were able to confirm that our curl is missing the following 2 commits:

commit 25a25f45ae55aae510a6de1b5bbcfa7547f5db6c
Author: Laramie Leavitt <laramie.leavitt>
Date:   Fri Jul 3 13:10:27 2020 -0700

    http: consolidate nghttp2_session_mem_recv() call paths
    
    Previously there were several locations that called
    nghttp2_session_mem_recv and handled responses slightly differently.
    Those have been converted to call the existing
    h2_process_pending_input() function.
    
    Moved the end-of-session check to h2_process_pending_input() since the
    only place the end-of-session state can change is after nghttp2
    processes additional input frames.
    
    This will likely fix the fuzzing error. While I don't have a root cause
    the out-of-bounds read seems like a use after free, so moving the
    nghttp2_session_check_request_allowed() call to a location with a
    guaranteed nghttp2 session seems reasonable.
    
    Also updated a few nghttp2 callsites to include error messages and added
    a few additional error checks.
    
    Closes #5648

Author: Daniel Stenberg <daniel>
Date:   Mon Aug 26 16:00:05 2019 +0200

    http2: when marked for closure and wanted to close == OK
    
    It could otherwise return an error even when closed correctly if GOAWAY
    had been received previously.
    
    Reported-by: Tom van der Woerdt
    Fixes #4267
    Closes #4268


Version-Release number of selected component (if applicable):

curl-7.61.1-30.el8_8.3

How reproducible:

Always on customer system when querying his Satellite 6.13

