I just noticed that the port is vulnerable to CVE-2015-9275. https://nvd.nist.gov/vuln/detail/CVE-2015-9275
Thanks for the report. Unfortunately I am too busy to work on this right now and the situation would persist for about 2 weeks or so. In case someone would want to work on this, please feel free to commit a fix as long as you are confident with it. My discoveries so far, in case people want to work on it: 1) Debian patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527 Note that they need to be adapted to FreeBSD port; 2) Debian have migrated to a different upstream, https://github.com/ani6al/arc which appears to be unmaintained. The Debian version (5.21q) have some license cleanups, which seems to be authorized by original owner (see https://lists.debian.org/debian-legal/2011/09/msg00018.html ) but I haven't dig into this further. We probably want to move to this upstream too. 3) There are other unresolved bugs with Debian port: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774439