diff --git a/net-libs/webkit-gtk/patches/webkit_gtk-2.40.0.patchset b/net-libs/webkit-gtk/patches/webkit_gtk-2.40.0.patchset
index b9be40335..d5c79f97c 100644
--- a/net-libs/webkit-gtk/patches/webkit_gtk-2.40.0.patchset
+++ b/net-libs/webkit-gtk/patches/webkit_gtk-2.40.0.patchset
@@ -480,222 +480,6 @@ index e5cac15..5dabd58 100644 #elif OS(LINUX) prctl(PR_SET_NAME, normalizeThreadName(threadName)); #else -diff --git a/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp b/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp -index a468d15..dc07bad 100644 ---- a/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp -+++ b/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp -@@ -22,13 +22,14 @@ - #if ENABLE(WEB_RTC) && USE(GSTREAMER_WEBRTC) - #include "GStreamerWebRTCUtils.h" - --#include "OpenSSLCryptoUniquePtr.h" - #include "RTCIceCandidate.h" - #include "RTCIceProtocol.h" -+ - #include - #include - #include - #include -+#include - #include - #include - #include -@@ -292,16 +293,20 @@ std::optional parseIceCandidateSDP(const String& sdp) - - static String x509Serialize(X509* x509) - { -- auto bio = BIOPtr(BIO_new(BIO_s_mem())); -+ BIO* bio = BIO_new(BIO_s_mem()); - if (!bio) - return { }; - -- if (!PEM_write_bio_X509(bio.get(), x509)) -+ auto scopeExit = WTF::makeScopeExit([&] { -+ BIO_free(bio); -+ }); -+ -+ if (!PEM_write_bio_X509(bio, x509)) - return { }; - - Vector buffer; - buffer.reserveCapacity(4096); -- int length = BIO_read(bio.get(), buffer.data(), 4096); -+ int length = BIO_read(bio, buffer.data(), 4096); - if (!length) - return { }; - -@@ -310,16 +315,20 @@ static String x509Serialize(X509* x509) - - static String privateKeySerialize(EVP_PKEY* privateKey) - { -- auto bio = BIOPtr(BIO_new(BIO_s_mem())); -+ BIO* bio = BIO_new(BIO_s_mem()); - if (!bio) - return { }; - -- if (!PEM_write_bio_PrivateKey(bio.get(), privateKey, nullptr, nullptr, 0, nullptr, nullptr)) -+ auto scopeExit = WTF::makeScopeExit([&] { -+ BIO_free(bio); -+ }); -+ -+ if (!PEM_write_bio_PrivateKey(bio, privateKey, nullptr, nullptr, 0, nullptr, nullptr)) - return { }; - - Vector buffer; - buffer.reserveCapacity(4096); -- int length = BIO_read(bio.get(), buffer.data(), 4096); -+ int length = 
BIO_read(bio, buffer.data(), 4096); - if (!length) - return { }; - -@@ -329,74 +338,66 @@ static String privateKeySerialize(EVP_PKEY* privateKey) - std::optional> generateCertificate(Ref&& origin, const PeerConnectionBackend::CertificateInformation& info) - { - ensureDebugCategoryInitialized(); -- EvpPKeyPtr privateKey; -+ EVP_PKEY* privateKey = EVP_PKEY_new(); -+ if (!privateKey) { -+ GST_WARNING("Failed to create private key"); -+ return { }; -+ } -+ -+ auto scopeExit = WTF::makeScopeExit([&] { -+ EVP_PKEY_free(privateKey); -+ }); - - switch (info.type) { - case PeerConnectionBackend::CertificateInformation::Type::ECDSAP256: { -- privateKey.reset(EVP_EC_gen("prime256v1")); -- if (!privateKey) -+ EC_KEY* ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); -+ // Ensure curve name is included when EC key is serialized. -+ // Without this call, OpenSSL versions before 1.1.0 will create -+ // certificates that don't work for TLS. -+ // This is a no-op for BoringSSL and OpenSSL 1.1.0+ -+ EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE); -+ if (!privateKey || !ecKey || !EC_KEY_generate_key(ecKey) || !EVP_PKEY_assign_EC_KEY(privateKey, ecKey)) { -+ EC_KEY_free(ecKey); - return { }; -+ } - break; - } - case PeerConnectionBackend::CertificateInformation::Type::RSASSAPKCS1v15: { -- int publicExponent = info.rsaParameters ? info.rsaParameters->publicExponent : 65537; -- auto modulusLength = info.rsaParameters ? 
info.rsaParameters->modulusLength : 2048; -- -- auto ctx = EvpPKeyCtxPtr(EVP_PKEY_CTX_new_from_name(nullptr, "RSA", nullptr)); -- if (!ctx) -- return { }; -- -- EVP_PKEY_keygen_init(ctx.get()); -- -- auto paramsBuilder = OsslParamBldPtr(OSSL_PARAM_BLD_new()); -- if (!paramsBuilder) -- return { }; -- -- auto exponent = BIGNUMPtr(BN_new()); -- if (!BN_set_word(exponent.get(), publicExponent)) -- return { }; -- -- auto modulus = BIGNUMPtr(BN_new()); -- if (!BN_set_word(modulus.get(), modulusLength)) -- return { }; -- -- if (!OSSL_PARAM_BLD_push_BN(paramsBuilder.get(), "n", modulus.get())) -- return { }; -- -- if (!OSSL_PARAM_BLD_push_BN(paramsBuilder.get(), "e", exponent.get())) -- return { }; -- -- if (!OSSL_PARAM_BLD_push_BN(paramsBuilder.get(), "d", nullptr)) -+ RSA* rsa = RSA_new(); -+ if (!rsa) - return { }; - -- auto params = OsslParamPtr(OSSL_PARAM_BLD_to_param(paramsBuilder.get())); -- if (!params) -- return { }; -- -- EVP_PKEY_CTX_set_params(ctx.get(), params.get()); -- -- EVP_PKEY* pkey = nullptr; -- EVP_PKEY_generate(ctx.get(), &pkey); -- if (!pkey) -+ BIGNUM* exponent = BN_new(); -+ int publicExponent = info.rsaParameters ? info.rsaParameters->publicExponent : 65537; -+ auto modulusLength = info.rsaParameters ? info.rsaParameters->modulusLength : 2048; -+ if (!BN_set_word(exponent, publicExponent) || !RSA_generate_key_ex(rsa, modulusLength, exponent, nullptr) -+ || !EVP_PKEY_assign_RSA(privateKey, rsa)) { -+ RSA_free(rsa); - return { }; -- privateKey.reset(pkey); -+ } -+ BN_free(exponent); - break; - } - } - -- auto x509 = X509Ptr(X509_new()); -+ X509* x509 = X509_new(); - if (!x509) { - GST_WARNING("Failed to create certificate"); - return { }; - } - -- X509_set_version(x509.get(), 2); -+ auto certScopeExit = WTF::makeScopeExit([&] { -+ X509_free(x509); -+ }); -+ -+ X509_set_version(x509, 2); - - // Set a random 64 bit integer as serial number. 
-- auto serialNumber = BIGNUMPtr(BN_new()); -- BN_rand(serialNumber.get(), 64, 0, 0); -- ASN1_INTEGER* asn1SerialNumber = X509_get_serialNumber(x509.get()); -- BN_to_ASN1_INTEGER(serialNumber.get(), asn1SerialNumber); -+ BIGNUM* serialNumber = BN_new(); -+ BN_pseudo_rand(serialNumber, 64, 0, 0); -+ ASN1_INTEGER* asn1SerialNumber = X509_get_serialNumber(x509); -+ BN_to_ASN1_INTEGER(serialNumber, asn1SerialNumber); -+ BN_free(serialNumber); - - // Set a random 8 byte base64 string as issuer/subject. - X509_NAME* name = X509_NAME_new(); -@@ -404,25 +405,25 @@ std::optional> generateCertificate(Ref&& ori - WTF::cryptographicallyRandomValues(buffer.data(), buffer.size()); - auto commonName = base64EncodeToString(buffer); - X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, (const guchar*)commonName.ascii().data(), -1, -1, 0); -- X509_set_subject_name(x509.get(), name); -- X509_set_issuer_name(x509.get(), name); -+ X509_set_subject_name(x509, name); -+ X509_set_issuer_name(x509, name); - X509_NAME_free(name); - - // Fallback to 30 days, max out at one year. 
- uint64_t expires = info.expires.value_or(2592000); - expires = std::min(expires, 31536000000); -- X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0); -- X509_gmtime_adj(X509_getm_notAfter(x509.get()), expires); -- X509_set_pubkey(x509.get(), privateKey.get()); -+ X509_gmtime_adj(X509_getm_notBefore(x509), 0); -+ X509_gmtime_adj(X509_getm_notAfter(x509), expires); -+ X509_set_pubkey(x509, privateKey); - -- if (!X509_sign(x509.get(), privateKey.get(), EVP_sha256())) { -+ if (!X509_sign(x509, privateKey, EVP_sha256())) { - GST_WARNING("Failed to sign certificate"); - return { }; - } - -- auto pem = x509Serialize(x509.get()); -+ auto pem = x509Serialize(x509); - GST_DEBUG("Generated certificate PEM: %s", pem.ascii().data()); -- auto serializedPrivateKey = privateKeySerialize(privateKey.get()); -+ auto serializedPrivateKey = privateKeySerialize(privateKey); - Vector fingerprints; - // FIXME: Fill fingerprints. - auto expirationTime = WTF::WallTime::now().secondsSinceEpoch() + WTF::Seconds(expires); diff --git a/Source/WebCore/inspector/InspectorFrontendHost.cpp b/Source/WebCore/inspector/InspectorFrontendHost.cpp index 5c4e75c..18e7db0 100644 --- a/Source/WebCore/inspector/InspectorFrontendHost.cpp diff --git a/net-libs/webkit-gtk/webkit_gtk-2.40.0.recipe b/net-libs/webkit-gtk/webkit_gtk-2.40.0.recipe index 368910834..e1e94aa42 100644 --- a/net-libs/webkit-gtk/webkit_gtk-2.40.0.recipe +++ b/net-libs/webkit-gtk/webkit_gtk-2.40.0.recipe @@ -12,7 +12,7 @@ COPYRIGHT="2009‒2023 The WebKitGTK Team" LICENSE="GNU LGPL v2 BSD (2-clause) " -REVISION="2" +REVISION="3" SOURCE_URI="https://www.webkitgtk.org/releases/webkitgtk-$portVersion.tar.xz" CHECKSUM_SHA256="a4607ea1bf89669e89b1cb2c63faaec513f93de09b6ae60cc71d6a8aab7ab393" SOURCE_DIR="webkitgtk-$portVersion"