This patch will upgrade Sudo version 1.8.17 to Sudo version 1.8.17 patchlevel 1. To apply: $ cd sudo-1.8.17 $ patch -p1 < sudo-1.8.17p1.patch
diff -urNa sudo-1.8.17/ChangeLog sudo-1.8.17p1/ChangeLog
--- sudo-1.8.17/ChangeLog Fri Jun 17 20:47:50 2016
+++ sudo-1.8.17p1/ChangeLog Wed Jun 22 10:38:26 2016
@@ -1,3 +1,14 @@
+2016-06-22 Todd C. Miller
+
+ * NEWS, configure, configure.ac:
+ Sudo 1.8.17p1
+ [bc30a172370c]
+
+ * src/sudo.c, src/sudo.h:
+ Set user groups in exec_setup() if they were not already set by
+ policy_init_session(). Bug #749
+ [3bf16489800c]
+
 2016-06-15 Todd C. Miller
 
 * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
diff -urNa sudo-1.8.17/NEWS sudo-1.8.17p1/NEWS
--- sudo-1.8.17/NEWS Fri Jun 17 20:44:21 2016
+++ sudo-1.8.17p1/NEWS Wed Jun 22 10:36:22 2016
@@ -1,3 +1,8 @@
+What's new in Sudo 1.8.17p1
+
+ * Fixed a bug introduced in 1.8.17 where the user's groups were
+ not set on systems that don't use PAM. Bug #749.
+
 What's new in Sudo 1.8.17
 
 * On AIX, if /etc/security/login.cfg has auth_type set to PAM_AUTH
diff -urNa sudo-1.8.17/configure sudo-1.8.17p1/configure
--- sudo-1.8.17/configure Fri Jun 17 20:44:21 2016
+++ sudo-1.8.17p1/configure Wed Jun 22 10:36:22 2016
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.8.17.
+# Generated by GNU Autoconf 2.69 for sudo 1.8.17p1.
 #
 # Report bugs to .
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.17'
-PACKAGE_STRING='sudo 1.8.17'
+PACKAGE_VERSION='1.8.17p1'
+PACKAGE_STRING='sudo 1.8.17p1'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1525,7 +1525,7 @@
 # Omit some internal or obsolete options to make the list less imposing.
 # This message is too long to be a string in the A/UX 3.1 sh.
 cat <<_ACEOF
-\`configure' configures sudo 1.8.17 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.17p1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1590,7 +1590,7 @@
 
 if test -n "$ac_init_help"; then
 case $ac_init_help in
- short | recursive ) echo "Configuration of sudo 1.8.17:";;
+ short | recursive ) echo "Configuration of sudo 1.8.17p1:";;
 esac
 cat <<\_ACEOF
 
@@ -1837,7 +1837,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
 cat <<\_ACEOF
-sudo configure 1.8.17
+sudo configure 1.8.17p1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2363,7 +2363,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.8.17, which was
+It was created by sudo $as_me 1.8.17p1, which was
 generated by GNU Autoconf 2.69. Invocation command line was
 
 $ $0 $@
@@ -24858,7 +24858,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.8.17, which was
+This file was extended by sudo $as_me 1.8.17p1, which was
 generated by GNU Autoconf 2.69. Invocation command line was
 
 CONFIG_FILES = $CONFIG_FILES
@@ -24924,7 +24924,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.8.17
+sudo config.status 1.8.17p1
 configured by $0, generated by GNU Autoconf 2.69,
 with options \\"\$ac_cs_config\\"
 
diff -urNa sudo-1.8.17/configure.ac sudo-1.8.17p1/configure.ac
--- sudo-1.8.17/configure.ac Fri Jun 17 20:44:21 2016
+++ sudo-1.8.17p1/configure.ac Wed Jun 22 10:36:23 2016
@@ -4,7 +4,7 @@
 dnl Copyright (c) 1994-1996,1998-2016 Todd C. Miller
 dnl
 AC_PREREQ([2.59])
-AC_INIT([sudo], [1.8.17], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.8.17p1], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADER([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 dnl
diff -urNa sudo-1.8.17/src/sudo.c sudo-1.8.17p1/src/sudo.c
--- sudo-1.8.17/src/sudo.c Fri Jun 17 20:44:21 2016
+++ sudo-1.8.17p1/src/sudo.c Wed Jun 22 10:36:23 2016
@@ -616,7 +616,7 @@
 memset(details, 0, sizeof(*details));
 details->closefrom = -1;
 details->execfd = -1;
- details->flags = CD_SUDOEDIT_CHECKDIR;
+ details->flags = CD_SUDOEDIT_CHECKDIR | CD_SET_GROUPS;
 TAILQ_INIT(&details->preserved_fds);
 
 #define SET_STRING(s, n) \
@@ -938,6 +938,39 @@
 #endif /* __linux__ */
 }
 
+static bool
+set_user_groups(struct command_details *details)
+{
+ bool rval = false;
+ debug_decl(set_user_groups, SUDO_DEBUG_EXEC)
+
+ if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
+ if (details->ngroups >= 0) {
+ if (sudo_setgroups(details->ngroups, details->groups) < 0) {
+ sudo_warn(U_("unable to set supplementary group IDs"));
+ goto done;
+ }
+ }
+ }
+#ifdef HAVE_SETEUID
+ if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
+ sudo_warn(U_("unable to set effective gid to runas gid %u"),
+ (unsigned int)details->egid);
+ goto done;
+ }
+#endif
+ if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
+ sudo_warn(U_("unable to set gid to runas gid %u"),
+ (unsigned int)details->gid);
+ goto done;
+ }
+ rval = true;
+
+done:
+ CLR(details->flags, CD_SET_GROUPS);
+ debug_return_bool(rval);
+}
+
 /*
  * Setup the execution environment immediately prior to the call to execve().
  * Group setup is performed by policy_init_session(), called earlier.
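Review bot: The comment that closes the @@ -938 hunk, ` * Group setup is performed by policy_init_session(), called earlier.`, is now incomplete: with this change exec_setup() performs the group setup itself whenever CD_SET_GROUPS is still set, and policy_init_session() only clears that flag when it ran set_user_groups() (the exec_setup() body is outside this hunk). Suggest rewording it to ` * Group setup is normally performed by policy_init_session(), called earlier; if CD_SET_GROUPS is still set it is done here via set_user_groups().` so a reader does not conclude the gid/supplementary-group drop can be skipped on this path. It is also worth a one-line comment at the `CLR(details->flags, CD_SET_GROUPS);` under `done:` saying the flag is cleared on failure as well, so neither caller retries after a failed setgroups()/setgid() — both callers are expected to abort on a false return, and that expectation is what keeps the command from running with the invoking process's group IDs.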
@@ -1019,6 +1052,12 @@
 #endif /* HAVE_LOGIN_CAP_H */
 }
 
+ if (ISSET(details->flags, CD_SET_GROUPS)) {
+ /* set_user_groups() prints error message on failure. */
+ if (!set_user_groups(details))
+ goto done;
+ }
+
 if (ISSET(details->flags, CD_SET_PRIORITY)) {
 if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
 sudo_warn(U_("unable to set process priority"));
@@ -1347,28 +1386,10 @@
  * as part of the session setup. This allows for dynamic
  * groups to be set via pam_group(8) in pam_setcred(3).
  */
- if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
- if (details->ngroups >= 0) {
- if (sudo_setgroups(details->ngroups, details->groups) < 0) {
- sudo_warn(U_("unable to set supplementary group IDs"));
- rval = -1;
- goto done;
- }
- }
- }
-#ifdef HAVE_SETEUID
- if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
- sudo_warn(U_("unable to set effective gid to runas gid %u"),
- (unsigned int)details->egid);
- rval = -1;
- goto done;
- }
-#endif
- if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
- sudo_warn(U_("unable to set gid to runas gid %u"),
- (unsigned int)details->gid);
- rval = -1;
- goto done;
+ if (ISSET(details->flags, CD_SET_GROUPS)) {
+ /* set_user_groups() prints error message on failure. */
+ if (!set_user_groups(details))
+ goto done;
 }
 
 if (policy_plugin.u.policy->init_session) {
diff -urNa sudo-1.8.17/src/sudo.h sudo-1.8.17p1/src/sudo.h
--- sudo-1.8.17/src/sudo.h Thu Mar 17 10:13:10 2016
+++ sudo-1.8.17p1/src/sudo.h Wed Jun 22 10:36:22 2016
@@ -129,6 +129,7 @@
 #define CD_SUDOEDIT_COPY 0x08000
 #define CD_SUDOEDIT_FOLLOW 0x10000
 #define CD_SUDOEDIT_CHECKDIR 0x20000
+#define CD_SET_GROUPS 0x40000
 
 struct preserved_fd {
 TAILQ_ENTRY(preserved_fd) entries;
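Review bot: In the @@ -1347 hunk the failure path drops the `rval = -1;` that every removed branch carried, leaving only `goto done;` after a failed set_user_groups(); unless rval is already an error value on entry (the function's start is outside this hunk), the warning is printed but policy_init_session() still returns its initial value and the caller proceeds with whatever group IDs setgroups()/setegid()/setgid() managed to set. Restoring the assignment keeps the old contract: `if (!set_user_groups(details)) { rval = -1; goto done; }`. The @@ -1019 hunk in exec_setup() is only correct in the same way if its rval starts out false, which is likewise outside the hunk and worth confirming.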