diff --git a/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue b/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue
index 1059f57cc88b..3b4609039580 100644
--- a/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue
+++ b/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue
@@ -1,27 +1,27 @@
---- sshd-session.c.orig	2025-10-11 10:16:00.048273000 -0700
-+++ sshd-session.c	2025-10-11 10:16:02.937735000 -0700
-@@ -149,6 +149,12 @@ static int have_agent = 0;
- /* Daemon's agent connection */
- int auth_sock = -1;
- static int have_agent = 0;
+--- sshd-auth.c.orig	2026-04-26 20:56:18.236716000 -0700
++++ sshd-auth.c	2026-04-26 20:58:14.385157000 -0700
+@@ -167,6 +167,12 @@ static struct ssh_sandbox *box;
+ #ifndef HAVE_PLEDGE
+ static struct ssh_sandbox *box;
+ #endif
 +
 +/*
 + * This is compiled WITHOUT blocklistd support. This is done for patch
 + * glue in ports.
 + */
 +#define BLACKLIST_NOTIFY(...)
  
- /*
-  * Any really sensitive data in the application is contained in this
-@@ -1275,8 +1281,10 @@ main(int ac, char **av)
- 	}
+ /* XXX stub */
+ int
+@@ -812,8 +818,10 @@ do_ssh2_kex(struct ssh *ssh)
+ 	free(hkalgs);
  
  	if ((r = kex_exchange_identification(ssh, -1,
 -	    options.version_addendum)) != 0)
 +	    options.version_addendum)) != 0) {
 +		BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange");
  		sshpkt_fatal(ssh, r, "banner exchange");
 +	}
+ 	mm_sshkey_setcompat(ssh); /* tell monitor */
  
- 	ssh_packet_set_nonblocking(ssh);
- 
+ 	if ((ssh->compat & SSH_BUG_NOREKEY))