diff --git a/SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch b/SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch
new file mode 100644
index 0000000..2faf05c
--- /dev/null
+++ b/SOURCES/rsyslog-8.2102.0-capabilities-drop-credential.patch
@@ -0,0 +1,67 @@
+diff -up rsyslog-8.2102.0/runtime/rsconf.c.orig rsyslog-8.2102.0/runtime/rsconf.c
+--- rsyslog-8.2102.0/runtime/rsconf.c.orig 2023-02-17 11:52:17.460043970 +0100
++++ rsyslog-8.2102.0/runtime/rsconf.c 2023-02-17 12:00:49.881602881 +0100
+@@ -33,9 +33,6 @@
+ #include
+ #include
+ #include
+-#ifdef ENABLE_LIBCAPNG
+- #include
+-#endif
+
+ #include "rsyslog.h"
+ #include "obj.h"
+@@ -549,7 +546,7 @@ rsRetVal doDropPrivGid(void)
+ uchar szBuf[1024];
+ DEFiRet;
+
+-#ifndef ENABLE_LIBCAPNG
++
+ if(!ourConf->globals.gidDropPrivKeepSupplemental) {
+ res = setgroups(0, NULL); /* remove all supplemental group IDs */
+ if(res) {
+@@ -567,15 +564,6 @@ rsRetVal doDropPrivGid(void)
+ "could not set requested group id: %s via setgid()", szBuf);
+ ABORT_FINALIZE(RS_RET_ERR_DROP_PRIV);
+ }
+-#else
+- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
+- res = capng_change_id(-1, ourConf->globals.gidDropPriv, capng_flags);
+- if (res) {
+- LogError(0, RS_RET_LIBCAPNG_ERR,
+- "could not set requested group id %d via capng_change_id()", ourConf->globals.gidDropPriv);
+- ABORT_FINALIZE(RS_RET_LIBCAPNG_ERR);
+- }
+-#endif
+
+ DBGPRINTF("setgid(%d): %d\n", ourConf->globals.gidDropPriv, res);
+ snprintf((char*)szBuf, sizeof(szBuf), "rsyslogd's groupid changed to %d",
+@@ -613,13 +601,8 @@ static void doDropPrivUid(int iUid)
+ iUid, szBuf);
+ }
+
+-#ifndef ENABLE_LIBCAPNG
++
+ res = setuid(iUid);
+- // res = setuid(cnf->globals.uidDropPriv);
+-#else
+- int capng_flags = ourConf->globals.gidDropPrivKeepSupplemental ? CAPNG_NO_FLAG : CAPNG_DROP_SUPP_GRP;
+- res = capng_change_id(iUid, -1, capng_flags);
+-#endif
+
+ if(res) {
+ /* if we can not set the userid, this is fatal, so let's unconditionally abort */
+diff -up rsyslog-8.2102.0/tools/rsyslogd.c.orig rsyslog-8.2102.0/tools/rsyslogd.c
+--- rsyslog-8.2102.0/tools/rsyslogd.c.orig 2023-02-17 11:52:00.011011019 +0100
++++ rsyslog-8.2102.0/tools/rsyslogd.c 2023-02-17 11:58:37.322491823 +0100
+@@ -2161,9 +2161,9 @@ main(int argc, char **argv)
+ CAP_LEASE,
+ CAP_NET_ADMIN,
+ CAP_NET_BIND_SERVICE,
+- CAP_PERFMON,
+ CAP_SETGID,
+ CAP_SETUID,
++ CAP_DAC_OVERRIDE,
+ CAP_SYS_ADMIN,
+ CAP_SYS_CHROOT,
+ CAP_SYS_RESOURCE,
diff --git a/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch b/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
new file mode 100644
index 0000000..5c46529
--- /dev/null
+++ b/SOURCES/rsyslog-8.2102.0-rhbz2124849-extra-ca-files-doc.patch
@@ -0,0 +1,25 @@
+--- rsyslog-8.2102.0/doc/configuration/global/index.html 2021-02-15 12:53:30.000000000 +0100
++++ rsyslog-8.2102.0.backup.doc.202209071236/doc/configuration/global/index.html 2022-09-07 12:33:21.318360707 +0200
+@@ -119,7 +119,14 @@
+ network stream driver to use.
+ Defaults to ptcp.
+
+-$DefaultNetstreamDriverCAFile </path/to/cafile.pem>
++$DefaultNetstreamDriverCAFile </path/to/cafile.pem>
++
++$NetstreamDriverCAExtraFiles </path/to/extracafile.pem> -
++This directive allows to configure multiple additional extra CA files.
++This is intended for SSL certificate chains to work appropriately,
++as the different CA files in the chain need to be specified.
++It must be remarked that this directive only works with the OpenSSL driver.
++
+
+ $DefaultNetstreamDriverCertFile </path/to/certfile.pem>
+
+@@ -311,4 +318,4 @@
+
+