diff --git a/release/scripts/pkg-stage.sh b/release/scripts/pkg-stage.sh
index 8f96bd5cf5a1..082cf746b6b9 100755
--- a/release/scripts/pkg-stage.sh
+++ b/release/scripts/pkg-stage.sh
@@ -1,94 +1,94 @@
 #!/bin/sh
 #
 #
 
 set -e
 
 export ASSUME_ALWAYS_YES="YES"
 export PKG_DBDIR="/tmp/pkg"
 export PERMISSIVE="YES"
 export REPO_AUTOUPDATE="NO"
 export ROOTDIR="$PWD/dvd"
 export PKGCMD="/usr/sbin/pkg -d --rootdir ${ROOTDIR}"
 export PORTSDIR="${PORTSDIR:-/usr/ports}"
 
 _DVD_PACKAGES="devel/git@lite
 graphics/drm-kmod
 graphics/drm-510-kmod
 graphics/drm-515-kmod
 misc/freebsd-doc-all
 net/mpd5
 net/rsync
 net/wifi-firmware-kmod@release
 ports-mgmt/pkg
 shells/bash
 shells/zsh
-security/sudo
+security/sudo@default
 sysutils/screen
 sysutils/seatd
 sysutils/tmux
 www/firefox
 www/links
 x11/gnome
 x11/kde5
 x11/sddm
 x11/xorg
 x11-wm/sway"
 
 # If NOPORTS is set for the release, do not attempt to build pkg(8).
 if [ ! -f ${PORTSDIR}/Makefile ]; then
 	echo "*** ${PORTSDIR} is missing!    ***"
 	echo "*** Skipping pkg-stage.sh     ***"
 	echo "*** Unset NOPORTS to fix this ***"
 	exit 0
 fi
 
 if [ ! -x /usr/local/sbin/pkg ]; then
 	/etc/rc.d/ldconfig restart
 	/usr/bin/make -C ${PORTSDIR}/ports-mgmt/pkg install clean
 fi
 
 export PKG_ABI=$(pkg --rootdir ${ROOTDIR} config ABI)
 export PKG_ALTABI=$(pkg --rootdir ${ROOTDIR} config ALTABI 2>/dev/null)
 export PKG_REPODIR="packages/${PKG_ABI}"
 
 /bin/mkdir -p ${ROOTDIR}/${PKG_REPODIR}
 if [ ! -z "${PKG_ALTABI}" ]; then
 	ln -s ${PKG_ABI} ${ROOTDIR}/packages/${PKG_ALTABI}
 fi
 
 # Ensure the ports listed in _DVD_PACKAGES exist to sanitize the
 # final list.
 for _P in ${_DVD_PACKAGES}; do
 	if [ -d "${PORTSDIR}/${_P%%@*}" ]; then
 		DVD_PACKAGES="${DVD_PACKAGES} ${_P}"
 	else
 		echo "*** Skipping nonexistent port: ${_P%%@*}"
 	fi
 done
 
 # Make sure the package list is not empty.
 if [ -z "${DVD_PACKAGES}" ]; then
 	echo "*** The package list is empty."
 	echo "*** Something is very wrong."
 	# Exit '0' so the rest of the build process continues
 	# so other issues (if any) can be addressed as well.
 	exit 0
 fi
 
 # Print pkg(8) information to make debugging easier.
 ${PKGCMD} -vv
 ${PKGCMD} update -f
 ${PKGCMD} fetch -o ${PKG_REPODIR} -d ${DVD_PACKAGES}
 
 # Create the 'Latest/pkg.txz' symlink so 'pkg bootstrap' works
 # using the on-disc packages.
 export LATEST_DIR="${ROOTDIR}/${PKG_REPODIR}/Latest"
 mkdir -p ${LATEST_DIR}
 ln -s ../All/$(${PKGCMD} rquery %n-%v pkg).pkg ${LATEST_DIR}/pkg.pkg
 ln -sf pkg.pkg ${LATEST_DIR}/pkg.txz
 
 ${PKGCMD} repo ${PKG_REPODIR}
 
 # Always exit '0', even if pkg(8) complains about conflicts.
 exit 0
diff --git a/release/tools/oracle.conf b/release/tools/oracle.conf
index 08a9a3a372b0..8a4206c05623 100644
--- a/release/tools/oracle.conf
+++ b/release/tools/oracle.conf
@@ -1,94 +1,94 @@
 #!/bin/sh
 # Set to a list of packages to install.
 export VM_EXTRA_PACKAGES="
     comms/py-pyserial
     converters/base64
     devel/oci-cli
     devel/py-babel
     devel/py-iso8601
     devel/py-pbr
     devel/py-six
     ftp/curl
     lang/python
     lang/python3
     net/cloud-init
     net/py-eventlet
     net/py-netaddr
     net/py-netifaces
     net/py-oauth
     net/rsync
     panicmail
     security/ca_root_nss
-    security/sudo
+    security/sudo@default
     sysutils/firstboot-freebsd-update
     sysutils/firstboot-pkgs
     sysutils/panicmail
     textproc/jq
     "
 
 # Should be enough for base image, image can be resized in needed
 export VMSIZE=8g
 
 # Set to a list of third-party software to enable in rc.conf(5).
 export VM_RC_LIST="
     cloudinit
     firstboot_pkgs
     firstboot_freebsd_update
     growfs
     ntpd
     ntpd_sync_on_start
     sshd
     zfs"
 
 vm_extra_pre_umount() {
 	cat <<-'EOF' >> ${DESTDIR}/etc/rc.conf
 		dumpdev=AUTO
 		sendmail_enable=NONE
 EOF
 
 	cat <<-'EOF' >> ${DESTDIR}/boot/loader.conf
 		autoboot_delay="5"
 		beastie_disable="YES"
 		boot_serial="YES"
 		loader_logo="none"
 		cryptodev_load="YES"
 		opensolaris_load="YES"
 		xz_load="YES"
 		zfs_load="YES"
 EOF
 
 	cat <<-'EOF' >> ${DESTDIR}/etc/ssh/sshd_config
 		# S11 Configure the SSH service to prevent password-based login
 		PermitRootLogin prohibit-password
 		PasswordAuthentication no
 		KbdInteractiveAuthentication no
 		PermitEmptyPasswords no
 		UseDNS no
 EOF
 
 	 # S14 Root user login must be disabled on serial-over-ssh console
 	 pw -R ${DESTDIR} usermod root -w no
 	 # Oracle requirements override the default FreeBSD cloud-init settings
 	 cat <<-'EOF' >> ${DESTDIR}/usr/local/etc/cloud/cloud.cfg.d/98_oracle.cfg
 		disable_root: true
 		system_info:
 		   distro: freebsd
 		   default_user:
 		     name: freebsd
 		     lock_passwd: True
 		     gecos: "Oracle Cloud Default User"
 		     groups: [wheel]
 		     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
 		     shell: /bin/sh
 		   network:
 		      renderers: ['freebsd']
 EOF
 
 	# Use Oracle Cloud Infrastructure NTP server
 	sed -i '' -E -e 's/^pool.*iburst/server 169.254.169.254 iburst/' \
         ${DESTDIR}/etc/ntp.conf
 
 	touch ${DESTDIR}/firstboot
 
 	return 0
 }