diff --git a/PrebuiltApps b/PrebuiltApps
index b1c4f695..5e1c4c88 160000
--- a/PrebuiltApps
+++ b/PrebuiltApps
@@ -1 +1 @@
-Subproject commit b1c4f69538a8b6899bc394207bc67007b13cc7d6
+Subproject commit 5e1c4c8893a5997ade460f37565637178a4b8d0b
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index d17c74fd..d8b633c0 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -254,7 +254,7 @@ hardenUserdata() {
 
 	#TODO: Ensure: noatime,nosuid,nodev
 	sed -i '/\/data/{/discard/!s|nosuid|discard,nosuid|}' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
-	if [ "$1" != "device/samsung/tuna" ] && [ "$1" != "device/asus/grouper" ]; then #tuna needs first boot to init, grouper *extremely* slow
+	if [ "$1" != "device/samsung/tuna" ]; then #tuna needs first boot to init
 		sed -i 's|encryptable=/|forceencrypt=/|' fstab.* root/fstab.* rootdir/fstab.* rootdir/*/fstab.* &>/dev/null || true;
 	fi;
 	echo "Hardened /data for $1";
diff --git a/Scripts/LineageOS-11.0/Functions.sh b/Scripts/LineageOS-11.0/Functions.sh
index d33172cb..120aea21 100644
--- a/Scripts/LineageOS-11.0/Functions.sh
+++ b/Scripts/LineageOS-11.0/Functions.sh
@@ -30,7 +30,7 @@ export -f resetWorkspace;
 scanWorkspaceForMalware() {
 	scanQueue="$DOS_BUILD_BASE/abi $DOS_BUILD_BASE/android $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/ndk $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
 	scanQueue=$scanQueue" $DOS_BUILD_BASE/vendor/cm $DOS_BUILD_BASE/vendor/cmsdk";
-	scanForMalware true $scanQueue;
+	scanForMalware true "$scanQueue";
 }
 export -f scanWorkspaceForMalware;
 
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index e8f1a1f0..650b0e60 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@@ -30,7 +30,7 @@ export -f resetWorkspace;
 scanWorkspaceForMalware() {
 	scanQueue="$DOS_BUILD_BASE/abi $DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/ndk $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
 	scanQueue=$scanQueue" $DOS_BUILD_BASE/vendor/cm $DOS_BUILD_BASE/vendor/cmsdk";
-	scanForMalware true $scanQueue;
+	scanForMalware true "$scanQueue";
 }
 export -f scanWorkspaceForMalware;
 
diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh
index a1fc0cc7..6a95e319 100644
--- a/Scripts/LineageOS-15.1/Functions.sh
+++ b/Scripts/LineageOS-15.1/Functions.sh
@@ -30,7 +30,7 @@ export -f resetWorkspace;
 scanWorkspaceForMalware() {
 	scanQueue="$DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/compatibility $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
 	scanQueue=$scanQueue" $DOS_BUILD_BASE/lineage-sdk $DOS_BUILD_BASE/vendor/lineage";
-	scanForMalware true $scanQueue;
+	scanForMalware true "$scanQueue";
 }
 export -f scanWorkspaceForMalware;
 
@@ -84,10 +84,8 @@ export -f buildAll;
 patchWorkspace() {
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
 
-	source build/envsetup.sh;
+	#source build/envsetup.sh;
 	#repopick 219020; #ab-neverallow-user
-	#repopick -it bt-sbc-hd-dualchannel;
-	repopick 244160; #ramdisk compression fix
 
 	source "$DOS_SCRIPTS/Patch.sh";
 	source "$DOS_SCRIPTS/Defaults.sh";
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh
index 2c3b2f4e..ad4d234d 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_lge_mako.sh
@@ -17,6 +17,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3857/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-3894/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-5829/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6753/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6791/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6828/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7910/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-7915/ANY/0001.patch
@@ -30,9 +31,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9793/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9794/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0403/3.0-^3.18/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0404/^3.18/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0611/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0648/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0710/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0751/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0786/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-11473/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-13305/ANY/0001.patch
@@ -57,7 +60,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7184/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7308/ANY/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-7487/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8246/3.4/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8247/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8254/3.4/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-8890/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-9242/^4.11/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-1068/ANY/0001.patch
@@ -66,6 +73,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-11832/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9389/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9416/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9516/ANY/0001.patch
@@ -80,5 +88,5 @@ git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-7be3e08d7a5232
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000111/ANY/0001.patch
-editKernelLocalversion "-dos.p80"
+editKernelLocalversion "-dos.p88"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh
index 913c1691..88ccb2b6 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_motorola_msm8996.sh
@@ -72,11 +72,12 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5865/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-5897/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9415/ANY/0002.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-9515/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-1999/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14883/ANY/0001.patch
-editKernelLocalversion "-dos.p78"
+editKernelLocalversion "-dos.p79"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh
index 2ff33fa8..e5aecdac 100644
--- a/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh
+++ b/Scripts/LineageOS-16.0/CVE_Patchers/android_kernel_oppo_msm8974.sh
@@ -47,9 +47,10 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10879/3.4/0003.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10880/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10882/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2018-10883/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2001/3.4/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-01/ANY/0008-nfsd-check-for-oversized-NFSv2-v3-arguments.patch
 git apply $DOS_PATCHES_LINUX_CVES/Untracked-02/ANY/kernel.msm.git-9f34c6ebc016cd061ae5ec901221d15fa3d67e49.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
-editKernelLocalversion "-dos.p51"
+editKernelLocalversion "-dos.p52"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-16.0/Functions.sh b/Scripts/LineageOS-16.0/Functions.sh
index b89ed376..f36cd029 100644
--- a/Scripts/LineageOS-16.0/Functions.sh
+++ b/Scripts/LineageOS-16.0/Functions.sh
@@ -30,7 +30,7 @@ export -f resetWorkspace;
 scanWorkspaceForMalware() {
 	scanQueue="$DOS_BUILD_BASE/android $DOS_BUILD_BASE/art $DOS_BUILD_BASE/bionic $DOS_BUILD_BASE/bootable $DOS_BUILD_BASE/build $DOS_BUILD_BASE/compatibility $DOS_BUILD_BASE/dalvik $DOS_BUILD_BASE/device $DOS_BUILD_BASE/hardware $DOS_BUILD_BASE/libcore $DOS_BUILD_BASE/libnativehelper $DOS_BUILD_BASE/packages $DOS_BUILD_BASE/pdk $DOS_BUILD_BASE/platform_testing $DOS_BUILD_BASE/sdk $DOS_BUILD_BASE/system";
 	scanQueue=$scanQueue" $DOS_BUILD_BASE/lineage-sdk $DOS_BUILD_BASE/vendor/lineage";
-	scanForMalware true $scanQueue;
+	scanForMalware true "$scanQueue";
 }
 export -f scanWorkspaceForMalware;
 
@@ -66,6 +66,7 @@ patchWorkspace() {
 	#repopick -it bt-sbc-hd-dualchannel-pie;
 	repopick 244148; #log spam fix
 	#repopick -it recovery-p;
+	repopick 245252; #update webview
 
 	source "$DOS_SCRIPTS/Patch.sh";
 	source "$DOS_SCRIPTS/Defaults.sh";
diff --git a/Scripts/init.sh b/Scripts/init.sh
index c5a52bd9..f415c99e 100644
--- a/Scripts/init.sh
+++ b/Scripts/init.sh
@@ -89,6 +89,7 @@ gpgVerifyGitHead() {
 export -f gpgVerifyGitHead;
 
 BUILD_WORKING_DIR=${PWD##*/};
+DOS_VERSION=$BUILD_WORKING_DIR;
 if [ -d ".repo" ]; then
 	echo "Detected $BUILD_WORKING_DIR";
 else