From bffcd066443e63faf395047baed69f7911f48a72 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Fri, 11 Oct 2019 13:29:04 -0400
Subject: [PATCH] 16.0: add zenfone3

---
 Manifests/Manifest_LAOS-16.0.xml              |   4 +
 Scripts/Common/Deblob.sh                      |  15 ++-
 .../android_kernel_asus_msm8953.sh            | 104 ++++++++++++++++++
 .../CVE_Patchers/android_kernel_samsung_jf.sh |   8 +-
 Scripts/LineageOS-16.0/Functions.sh           |   4 +-
 Scripts/LineageOS-16.0/Patch.sh               |   1 +
 6 files changed, 125 insertions(+), 11 deletions(-)
 create mode 100644 Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_asus_msm8953.sh

diff --git a/Manifests/Manifest_LAOS-16.0.xml b/Manifests/Manifest_LAOS-16.0.xml
index 69c82085..0e5b56b2 100644
--- a/Manifests/Manifest_LAOS-16.0.xml
+++ b/Manifests/Manifest_LAOS-16.0.xml
@@ -93,6 +93,10 @@
 	<project path="kernel/google/msm" name="LineageOS/android_kernel_google_msm" remote="github" />
 	<project path="packages/apps/FlipFlap" name="LineageOS/android_packages_apps_FlipFlap" remote="github" />
 
+	<!-- Asus ZenFone 3 (zenfone3) -->
+	<project path="device/asus/zenfone3" name="LineageOS/android_device_asus_zenfone3" remote="github" />
+	<project path="kernel/asus/msm8953" name="LineageOS/android_kernel_asus_msm8953" remote="github" />
+
 	<!-- Essential PH-1 (mata) -->
 	<project path="device/essential/mata" name="LineageOS/android_device_essential_mata" remote="github" />
 	<project path="kernel/essential/msm8998" name="LineageOS/android_kernel_essential_msm8998" remote="github" />
diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh
index d58ed875..c07edaae 100644
--- a/Scripts/Common/Deblob.sh
+++ b/Scripts/Common/Deblob.sh
@@ -71,7 +71,7 @@ echo "Deblobbing..."
 	#Clearkey (DRM) [Google]
 	blobs=$blobs"|libdrmclearkeyplugin.so";
 
-	#CMN (DRM?) [?]
+	#CMN (?) [?]
 	#blobs=$blobs"|cmnlib.*";
 
 	#CNE (Automatic Cell/Wi-Fi Switching) [Qualcomm]
@@ -85,6 +85,10 @@ echo "Deblobbing..."
 	makes=$makes"libcnefeatureconfig";
 	sepolicy=$sepolicy" cnd.te qcneservice.te";
 
+	#CPPF (DRM) [?]
+	blobs=$blobs"|libcppf.so";
+	blobs=$blobs"|cppf.*";
+
 	#Diagnostics
 	blobs=$blobs"|[/]diag[/]|diag_callback_client|diag_dci_sample|diag_klog|diag_mdlog|diag_mdlog-getlogs|diag_mdlog-wrap|diag[/]mdm|diag_qshrink4_daemon|diag_socket_log|diag_uart_log|drmdiagapp|ibdrmdiag.so|ssr_diag|test_diag|cnss_diag";
 	#blobs=$blobs"|libdiag.so|libsdm-diag.so|libDiagService.so"; #XXX: Breaks qseecomd AND brightness control (?)
@@ -362,7 +366,9 @@ echo "Deblobbing..."
 	blobs=$blobs"|Tycho.apk";
 
 	#Quickboot [Qualcomm]
+	blobs=$blobs"|power_off_alarm";
 	blobs=$blobs"|QuickBoot.apk|PowerOffAlarm.apk";
+	blobs=$blobs"|vendor.qti.hardware.alarm.*";
 
 	#QTI (Tethering Extensions) [Qualcomm]
 	blobs=$blobs"|libQtiTether.so";
@@ -389,6 +395,7 @@ echo "Deblobbing..."
 
 	#SecureUI Frontends
 	blobs=$blobs"|libHealthAuthClient.so|libHealthAuthJNI.so|libSampleAuthJNI.so|libSampleAuthJNIv1.so|libSampleExtAuthJNI.so|libSecureExtAuthJNI.so|libSecureSampleAuthClient.so|libsdedrm.so";
+	blobs=$blobs"|vendor.qti.hardware.tui.*";
 
 	#[Sprint]
 	blobs=$blobs"|CQATest.apk|GCS.apk|HiddenMenu.apk|LifetimeData.apk|SprintHM.apk|LifeTimerService.apk|SecPhone.apk|SprintMenu.apk";
@@ -426,11 +433,13 @@ echo "Deblobbing..."
 	makes=$makes"|android.hardware.soundtrigger.*";
 
 	#Wfd (Wireless Display? Wi-Fi Direct?) [Qualcomm]
-	blobs=$blobs"|libmmparser_lite.so|libmmrtpdecoder.so|libmmrtpencoder.so|libmmwfdinterface.so|libmmwfdsinkinterface.so|libmmwfdsrcinterface.so|libwfdavenhancements.so|libwfdcommonutils.so|libwfdhdcpcp.so|libwfdmmsink.so|libwfdmmsrc.so|libwfdmmutils.so|libwfdnative.so|libwfdrtsp.so|libwfdservice.so|libwfdsm.so|libwfduibcinterface.so|libwfduibcsinkinterface.so|libwfduibcsink.so|libwfduibcsrcinterface.so|libwfduibcsrc.so";
-	blobs=$blobs"|wfdservice";
+	blobs=$blobs"|libmmparser_lite.so|libmmrtpdecoder.so|libmmrtpencoder.so|libmmwfdinterface.so|libmmwfdsinkinterface.so|libmmwfdsrcinterface.so|libwfdavenhancements.so|libwfdcommonutils.so|libwfdhdcpcp.so|libwfdmmsink.so|libwfdmmsrc.so|libwfdmmutils.so|libwfdnative.so|libwfdrtsp.so|libwfdservice.so|libwfdsm.so|libwfduibcinterface.so|libwfduibcsinkinterface.so|libwfduibcsink.so|libwfduibcsrcinterface.so|libwfduibcsrc.so|libwfdcommonutils_proprietary.so|libwfdhaldsmanager.so|libwfdmmservice.so|libwfdmodulehdcpsession.so|libwfdcodecv4l2.so|libwfdconfigutils.so|libwfdmminterface.so|libwfdclient.so";
+	blobs=$blobs"|wfdservice|wifidisplayhalservice";
 	blobs=$blobs"|WfdService.apk";
 	blobs=$blobs"|WfdCommon.jar";
 	blobs=$blobs"|wfdconfigsink.xml|wfdconfig.xml";
+	blobs=$blobs"|com.qualcomm.qti.wifidisplayhal.*";
+	makes=$makes"|WfdCommon";
 
 	#Widevine (DRM) [Google]
 	blobs=$blobs"|libdrmclearkeyplugin.so|libdrmwvmplugin.so|libmarlincdmplugin.so|libwvdrmengine.so|libwvdrm_L1.so|libwvdrm_L3.so|libwvhidl.so|libwvm.so|libWVphoneAPI.so|libWVStreamControlAPI_L1.so|libWVStreamControlAPI_L3.so|libdrmmtkutil.so|libsepdrm.*.so";
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_asus_msm8953.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_asus_msm8953.sh
new file mode 100644
index 00000000..8562c91e
--- /dev/null
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_asus_msm8953.sh
@@ -0,0 +1,104 @@
+#!/bin/bash
+cd "$DOS_BUILD_BASE""kernel/asus/msm8953"
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc2/ANY/0004.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0019.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0020.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0022.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0023.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0025.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0026.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0027.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0028.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0029.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0030.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0031.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0032.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0033.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0034.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0035.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0036.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0037.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0040.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0041.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0042.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0043.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0045.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0046.patch
+git apply $DOS_PATCHES_LINUX_CVES/0006-Copperhead-Kernel_Hardening/3.18/0050.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2014-9900/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-1339/^4.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2041/^3.19/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-2042/^3.19/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7515/^4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7884/^4.3.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7885/^4.3.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8104/^4.2.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8844/^4.3.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8845/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-8953/^4.2.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2069/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2549/^4.4.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6130/^4.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0007.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0008.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-GadgetFS/ANY/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000371/^4.11.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11031/3.18/0001.patch
+#git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13162/3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13218/3.18/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13220/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13246/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13693/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13694/^4.12.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16650/^4.13.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0005.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0006.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-16USB/ANY/0009.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5669/^4.9.12/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-5972/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6001/^4.9.7/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-6348/^4.9.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9605/^4.11.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13094/^4.17.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13914/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18690/^4.17/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5825/3.18/0003.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-7273/^4.15.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8043/^4.15.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-8087/^4.15.9/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12614/^5.1.6/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-13631/^5.2.1/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15098/^5.2.8/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15213/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15807/^5.1.13/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-15926/^5.2.3/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-17052/^5.3.2/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
+editKernelLocalversion "-dos.p100"
+cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_jf.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_jf.sh
index 34721568..54e07342 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_jf.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_samsung_jf.sh
@@ -30,7 +30,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2085/^4.5/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2185/^4.5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2186/^4.5.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2543/^4.4.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3854/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3865/ANY/0001.patch
@@ -42,23 +41,19 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5244/^4.6.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5828/^4.6.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6480/^4.7/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6672/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8404/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8646/^4.3.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0430/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0524/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0573/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0706/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0791/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0861/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000251/3.4/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000363/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000380/^4.11.5/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-10663/^4.12.4/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11015/prima/0002.patch
@@ -117,7 +112,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10902/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10940/^4.16.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11939/ANY/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-13053/^4.17.3/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-15594/^4.18.1/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-16658/^4.18.6/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-18710/^4.19/0001.patch
@@ -146,5 +140,5 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/797912_0001-usb-gadget-Fix-sy
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/870057_0001-wcnss-add-null-check-in-pm_ops-unregister.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-2475/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p146"
+editKernelLocalversion "-dos.p140"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh
index df2233da..204ffda8 100644
--- a/Scripts/LineageOS-16.0/Functions.sh
+++ b/Scripts/LineageOS-16.0/Functions.sh
@@ -18,7 +18,7 @@
 #Last verified: 2018-04-27
 
 patchAllKernels() {
-	startPatcher "kernel_asus_fugu kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_bonito kernel_google_crosshatch kernel_google_marlin kernel_google_msm kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_zuk_msm8996";
+	startPatcher "kernel_asus_fugu kernel_asus_msm8953 kernel_cyanogen_msm8916 kernel_cyanogen_msm8974 kernel_essential_msm8998 kernel_fairphone_msm8974 kernel_google_bonito kernel_google_crosshatch kernel_google_marlin kernel_google_msm kernel_google_wahoo kernel_htc_msm8974 kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_moto_shamu kernel_motorola_msm8974 kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_razer_msm8998 kernel_samsung_jf kernel_samsung_msm8974 kernel_samsung_smdk4412 kernel_zuk_msm8996";
 }
 export -f patchAllKernels;
 
@@ -87,6 +87,8 @@ buildAll() {
 	#SD821
 	buildDevice marlin verity;
 	buildDevice sailfish verity;
+	#SD625
+	buildDevice zenfone3; #needs manual patching - fwb xml: fused: dangling tag
 	#SD835
 	buildDevice cheryl; #broken
 	buildDevice mata verity;
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index e4246e50..803b5d56 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -270,6 +270,7 @@ cp "$DOS_SIGNING_KEYS/sailfish/verifiedboot_relkeys.der.x509" "kernel/google/mar
 cp "$DOS_SIGNING_KEYS/z2_plus/verifiedboot_relkeys.der.x509" "kernel/zuk/msm8996/verifiedboot_z2_plus_dos_relkeys.der.x509";
 
 #Fix broken options enabled by hardenDefconfig()
+sed -i "s/CONFIG_STRICT_MEMORY_RWX=y/# CONFIG_STRICT_MEMORY_RWX is not set/" kernel/asus/msm8953/arch/arm64/configs/*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/google/msm/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/lge/mako/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile
 sed -i "s/CONFIG_DEBUG_RODATA=y/# CONFIG_DEBUG_RODATA is not set/" kernel/motorola/msm8974/arch/arm/configs/lineageos_*_defconfig; #Breaks on compile