diff -Nru console-setup-1.108ubuntu15.4/debian/changelog console-setup-1.108ubuntu15.5/debian/changelog
--- console-setup-1.108ubuntu15.4/debian/changelog	2017-10-05 19:36:07.000000000 +0000
+++ console-setup-1.108ubuntu15.5/debian/changelog	2019-04-10 20:16:29.000000000 +0000
@@ -1,3 +1,13 @@
+console-setup (1.108ubuntu15.5) xenial; urgency=medium
+
+  * setupcon: use /run for tempfiles (and dump the various unnecessary
+    fallback paths), since /run is always mountable rw at least as early as
+    /tmp is and is guaranteed to be safe from tmpcleaners at boot.  Only keep
+    /tmp as a fallback in case we have access to write to /tmp and to a
+    console, but not to /run.  LP: #1824227.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 10 Apr 2019 13:16:29 -0700
+
 console-setup (1.108ubuntu15.4) xenial; urgency=medium
 
    * Drop dependency from console-setup to initramfs-tools |
diff -Nru console-setup-1.108ubuntu15.4/setupcon console-setup-1.108ubuntu15.5/setupcon
--- console-setup-1.108ubuntu15.4/setupcon	2016-04-04 17:41:49.000000000 +0000
+++ console-setup-1.108ubuntu15.5/setupcon	2019-04-10 20:16:13.000000000 +0000
@@ -56,11 +56,8 @@
     local tmp
     tmp="$TMPFILE"
     if \
-        TMPFILE=`mktemp /tmp/tmpkbd.XXXXXX 2>/dev/null` \
-            || TMPFILE=`mktemp /run/tmpkbd.XXXXXX 2>/dev/null` \
-            || TMPFILE=`mktemp /dev/.tmpkbd.XXXXXX 2>/dev/null` \
-            || TMPFILE=`mktemp /lib/init/rw/tmpkbd.XXXXXX 2>/dev/null` \
-            || TMPFILE=`mktemp 2>/dev/null`
+        TMPFILE=`mktemp /run/tmpkbd.XXXXXX 2>/dev/null` \
+            || TMPFILE=`mktemp /tmp/tmpkbd.XXXXXX 2>/dev/null`
     then
         if [ -z "$tmp" ]; then
             trap 'rm -f "$TMPFILE" >/dev/null 2>&1' 0