diff --git a/mail/fdm/Makefile b/mail/fdm/Makefile
index 762fd933c4..522765db8b 100644
--- a/mail/fdm/Makefile
+++ b/mail/fdm/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fdm
-PKG_VERSION:=2.0
-PKG_RELEASE:=3
+PKG_VERSION:=2.2
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/nicm/fdm/releases/download/$(PKG_VERSION)
-PKG_HASH:=06b28cb6b792570bc61d7e29b13d2af46b92fea77e058b2b17e11e8f7ed0cea4
+PKG_HASH:=53aad117829834e21c1b9bf20496a1aa1c0e0fb98fe7735e1e73314266fb6c16
 
 PKG_MAINTAINER:=Dmitry V. Zimin <pfzim@mail.ru>
 PKG_LICENSE:=BSD-2-Clause
@@ -30,7 +30,7 @@ define Package/fdm
   TITLE:=fetch mail and deliver
   URL:=https://github.com/nicm/fdm
   MENU:=1
-  DEPENDS:=+tdb +zlib +libopenssl +FDM_WITH_PCRE:libpcre
+  DEPENDS:=+tdb +zlib +libopenssl +FDM_WITH_PCRE:libpcre2
   USERID:=_fdm=99:_fdm=99
 endef
 
@@ -42,7 +42,7 @@ define Package/fdm/description
 endef
 
 ifdef CONFIG_FDM_WITH_PCRE
-	CONFIGURE_ARGS += --enable-pcre
+	CONFIGURE_ARGS += --enable-pcre2
 endif
 
 define Package/fdm/config
diff --git a/mail/fdm/patches/010-ntop-fix.patch b/mail/fdm/patches/010-ntop-fix.patch
deleted file mode 100644
index e32479571a..0000000000
--- a/mail/fdm/patches/010-ntop-fix.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -123,6 +123,3 @@ endif
- if NO_STRTONUM
- nodist_fdm_SOURCES += compat/strtonum.c
- endif
--if NO_B64_NTOP
--nodist_fdm_SOURCES += compat/base64.c
--endif
diff --git a/mail/fdm/patches/020-Fix-compile-with-OpenSSL-1.1.0.patch b/mail/fdm/patches/020-Fix-compile-with-OpenSSL-1.1.0.patch
deleted file mode 100644
index 3d2f45d407..0000000000
--- a/mail/fdm/patches/020-Fix-compile-with-OpenSSL-1.1.0.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 3aa079c4885d89257c5033b4992011511b603150 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Tue, 26 Jun 2018 14:14:34 -0700
-Subject: [PATCH] Fix compile with OpenSSL 1.1.0
-
-OpenSSL 1.1.0 deprecared SSL_library_init and SSL_load_error_strings.
-They're part of OPENSSL_init_ssl now.
----
- fdm.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/fdm.c
-+++ b/fdm.c
-@@ -717,8 +717,10 @@ retry:
- 	}
- 	conf.lock_file = lock;
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	SSL_library_init();
- 	SSL_load_error_strings();
-+#endif
- 
- 	/* Filter account list. */
- 	TAILQ_INIT(&actaq);
diff --git a/mail/fdm/patches/030-cdefs.patch b/mail/fdm/patches/030-cdefs.patch
deleted file mode 100644
index d1ae7af3da..0000000000
--- a/mail/fdm/patches/030-cdefs.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 3232e537ccaba4417b25d9d70264e4a5533042da Mon Sep 17 00:00:00 2001
-From: Nicholas Marriott <nicholas.marriott@gmail.com>
-Date: Mon, 18 Mar 2019 13:04:00 +0000
-Subject: [PATCH] Fix bas64 declarations, from makepost at firemail dot cc.
-
----
- fdm.h | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
---- a/fdm.h
-+++ b/fdm.h
-@@ -20,7 +20,6 @@
- #define FDM_H
- 
- #include <sys/param.h>
--#include <sys/cdefs.h>
- #include <sys/stat.h>
- 
- #ifdef HAVE_QUEUE_H
-@@ -725,8 +724,8 @@ size_t		 strlcat(char *, const char *, s
- 
- #ifndef HAVE_B64_NTOP
- /* base64.c */
--int b64_ntop(src, srclength, target, targsize);
--int b64_pton(src, target, targsize);
-+int b64_ntop(u_char const *, size_t, char *, size_t);
-+int b64_pton(char const *, u_char *, size_t);
- #endif
- 
- /* shm.c */
diff --git a/mail/fdm/patches/100-Fix-bugs-in-PCRE2-code-don-t-walk-off-the-end-of-the.patch b/mail/fdm/patches/100-Fix-bugs-in-PCRE2-code-don-t-walk-off-the-end-of-the.patch
new file mode 100644
index 0000000000..8c63f96a9d
--- /dev/null
+++ b/mail/fdm/patches/100-Fix-bugs-in-PCRE2-code-don-t-walk-off-the-end-of-the.patch
@@ -0,0 +1,75 @@
+From f1ec1982725d60045c0d871f3e613f2880046c22 Mon Sep 17 00:00:00 2001
+From: Nicholas Marriott <nicholas.marriott@gmail.com>
+Date: Wed, 1 Feb 2023 15:31:30 +0000
+Subject: [PATCH] Fix bugs in PCRE2 code - don't walk off the end of the match
+ list if NOMATCH is returned, and don't stop on empty matches. From Thomas
+ Hurst.
+
+---
+ pcre.c | 45 ++++++++++++++++++++++++++-------------------
+ 1 file changed, 26 insertions(+), 19 deletions(-)
+
+--- a/pcre.c
++++ b/pcre.c
+@@ -66,7 +66,7 @@ int
+ re_block(struct re *re, const void *buf, size_t len, struct rmlist *rml,
+     char **cause)
+ {
+-	int			 res;
++	int			 res, ret;
+ 	pcre2_match_data	*pmd;
+ 	PCRE2_SIZE		*ovector;
+ 	u_int			 i, j;
+@@ -85,27 +85,34 @@ re_block(struct re *re, const void *buf,
+ 	}
+ 
+ 	pmd = pcre2_match_data_create_from_pattern(re->pcre2, NULL);
+-	res = pcre2_match(re->pcre2, buf, len, 0, 0, pmd, NULL);
+-	if (res < 0 && res != PCRE2_ERROR_NOMATCH) {
+-		xasprintf(cause, "%s: regexec failed", re->str);
+-		pcre2_match_data_free(pmd);
+-		return (-1);
+-	}
++	if (pmd == NULL)
++		fatalx("pcre2_match_data_create_from_pattern failed");
+ 
+-	if (rml != NULL) {
+-		ovector = pcre2_get_ovector_pointer(pmd);
+-		for (i = 0; i < res; i++) {
+-			j = i * 2;
+-			if (ovector[j + 1] <= ovector[j])
+-				break;
+-			rml->list[i].valid = 1;
+-			rml->list[i].so = ovector[j];
+-			rml->list[i].eo = ovector[j + 1];
++	res = pcre2_match(re->pcre2, buf, len, 0, 0, pmd, NULL);
++	if (res > 0) {
++		if (rml != NULL) {
++			if (res > NPMATCH)
++				res = NPMATCH;
++			ovector = pcre2_get_ovector_pointer(pmd);
++			for (i = 0; i < res; i++) {
++				j = i * 2;
++				if (ovector[j + 1] < ovector[j])
++					break;
++				rml->list[i].valid = 1;
++				rml->list[i].so = ovector[j];
++				rml->list[i].eo = ovector[j + 1];
++			}
++			rml->valid = 1;
+ 		}
+-		rml->valid = 1;
++		ret = 1;
++	} else if (res == PCRE2_ERROR_NOMATCH)
++		ret = 0;
++	else {
++		xasprintf(cause, "%s: regexec failed", re->str);
++		ret = -1;
+ 	}
+-
+-	return (res != PCRE2_ERROR_NOMATCH);
++	pcre2_match_data_free(pmd);
++	return (ret);
+ }
+ 
+ void
diff --git a/mail/fdm/patches/101-Fix-use-after-free-GitHub-issue-126.patch b/mail/fdm/patches/101-Fix-use-after-free-GitHub-issue-126.patch
new file mode 100644
index 0000000000..98024d21f1
--- /dev/null
+++ b/mail/fdm/patches/101-Fix-use-after-free-GitHub-issue-126.patch
@@ -0,0 +1,21 @@
+From 028f59bef0ea9435fb8fbe095b2939652ce63479 Mon Sep 17 00:00:00 2001
+From: Nicholas Marriott <nicholas.marriott@gmail.com>
+Date: Mon, 3 Apr 2023 08:54:28 +0100
+Subject: [PATCH] Fix use-after-free, GitHub issue 126.
+
+---
+ connect.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/connect.c
++++ b/connect.c
+@@ -550,8 +550,8 @@ httpproxy(struct server *srv,
+ 			if (strlen(line) < 12 ||
+ 			    strncmp(line, "HTTP/", 5) != 0 ||
+ 			    strncmp(line + 8, " 200", 4) != 0) {
+-				xfree(line);
+ 				xasprintf(cause, "unexpected data: %s", line);
++				xfree(line);
+ 				return (-1);
+ 			}
+ 			header = 1;