Subject: Re: updating packages, and creating security issues
To: admin@datazap.net <admin@datazap.net>
From: Richard Rauch <rkr@olib.org>
List: netbsd-help
Date: 09/09/2004 04:27:55
This question probably belongs on tech-pkg rather than here.  (^&

The problem is that there *was* a relation, it seems, between the
removed code and code you didn't want to move.  Updating one
package required another package to be updated; that one wanted
the latest version of some library; that library was updated, but
openssh needed it, so openssh was updated...

There are some things that you can do; some I understand better
than others but you may look into each:

 * Identify the libraries that will be replaced, and do a
   "make replace" on them, first.  This will build and install
   new copies on top of the old.  This is not done by default
   because it is possible that a library upgrade will result in
   an incompatibility that will require an actual recompile.

   There are dependency-graph analysis tools and visualization
   tools to help with this, I think, in pkgsrc.

 * Use the system sshd, at least until you are done updating.

 * Link programs statically.  I do not know if pkgsrc supports an
   option to request that all programs are statically linked, and
   it would prevent you from getting nice propagated security fixes
   when you get a warning about a library.  (Though pkgsrc could
   still track the use of a library so that a dependency-checking
   audit script could be written.)

   But if you link statically, you could (at least manually) break
   the pkgsrc run dependencies.  (You might also just build manually,
   without pkgsrc.)

 * I think that the new "pkgviews" concept allows you to have
   multiple installed versions of packages, so that you could
   update with a new "view" and if it all built well, switch
   over only after the build.


I'm not sure which, if any, of those you would want to pursue, but
those are some options that may solve your problem.  Good luck.

(^&

-- 
  "I probably don't know what I'm talking about."  http://www.olib.org/~rkr/
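The first suggestion above, identifying the libraries that will be replaced and what depends on them, is a reverse-dependency walk. The following script is an added illustration, not code from the message or from pkgsrc: it computes, for a given library, every package that transitively requires it, which is the set that "make replace" on that library would leave needing a rebuild check (the openssl-to-openssh cascade described in the message is one such chain). The package names, version numbers and dependency edges are constructed for the example; on a real system the edge list would come from the installed package database (for instance the requires/required-by output of pkg_info) rather than from the inline list, and the function name rebuild_set is hypothetical.

```shell
#!/bin/sh
# Constructed dependency edges (illustrative only, not from a real pkgsrc tree).
# Each line is "PKG DEP", meaning PKG requires DEP at run time.
DEPS='openssh-3.9 openssl-0.9.7
openssl-0.9.7 zlib-1.2
rsync-2.6 popt-1.7
mutt-1.4 openssl-0.9.7
mutt-1.4 ncurses-5.4
wget-1.9 openssl-0.9.7
lynx-2.8 zlib-1.2'

# rebuild_set LIB: print, sorted and one per line, every package that directly
# or transitively requires LIB. This is the set pkgsrc would want to revisit
# once LIB is replaced, so checking it before the update shows how far the
# cascade reaches (e.g. whether sshd is in it).
rebuild_set() {
    printf '%s\n' "$DEPS" | awk -v start="$1" '
        # Build the reverse graph: dependency -> space-separated requiring packages.
        { rev[$2] = rev[$2] " " $1 }
        END {
            # Breadth-first walk from the library outward over reverse edges.
            queue[1] = start; head = 1; tail = 1
            while (head <= tail) {
                n = split(rev[queue[head]], users, " ")
                for (i = 1; i <= n; i++)
                    if (!(users[i] in seen)) {
                        seen[users[i]] = 1
                        queue[++tail] = users[i]
                    }
                head++
            }
            for (p in seen) print p
        }' | sort
}

# Stand-alone use: report the cascade for the library named on the command
# line, defaulting to zlib-1.2 from the constructed data.
rebuild_set "${1:-zlib-1.2}"
```

Run as "sh rebuild_set.sh openssl-0.9.7" to see which installed packages an openssl replacement would touch; a library whose set is empty can be replaced in isolation, while one whose set includes the ssh daemon is a reason to keep the system sshd available until the rebuild is verified.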