I just noticed that the port is vulnerable to CVE-2015-9275.
Thanks for the report. Unfortunately I am too busy to work on this right now and the situation would persist for about 2 weeks or so.
In case someone would want to work on this, please feel free to commit a fix as long as you are confident with it.
My discoveries so far, in case people want to work on it:
1) Debian patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527
Note that they need to be adapted to FreeBSD port;
2) Debian have migrated to a different upstream, https://github.com/ani6al/arc which appears to be unmaintained.
The Debian version (5.21q) have some license cleanups, which seems to be authorized by original owner (see https://lists.debian.org/debian-legal/2011/09/msg00018.html ) but I haven't dig into this further. We probably want to move to this upstream too.
3) There are other unresolved bugs with Debian port: