Debian 0.2.8.11 package CapabilityBoundingSet doesn't allow tor to start with a configured HS

Latest 0.2.8.11 package changes the capabilities from the systemd service file from:

CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER

to

CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

which makes it that tor doesn't restart after an upgrade with at least one hidden service configured:

[warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied

This is pretty bad because anyone upgrading will have its tor stopped. (from deb.tpo)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information