diff --git a/java-25-openjdk-portable.specfile b/java-25-openjdk-portable.specfile
index f45ab50..f09dfe0 100644
--- a/java-25-openjdk-portable.specfile
+++ b/java-25-openjdk-portable.specfile
@@ -376,7 +376,7 @@
 # Define IcedTea version used for SystemTap tapsets and desktop file
 %global icedteaver      6.0.0pre00-c848b93a8598
 # Define current Git revision for the FIPS support patches
-%global fipsver df044414ef4
+%global fipsver e55ada9353e
 # Define JDK versions
 %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
 %global javaver         %{featurever}
@@ -391,7 +391,7 @@
 %global top_level_dir_name   %{vcstag}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        10
-%global rpmrelease      2
+%global rpmrelease      3
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@@ -643,37 +643,9 @@ Source18: TestTranslations.java
 # as follows: git diff %%{vcstag} src make test > fips-25u-$(git show -s --format=%h HEAD).patch
 # Diff is limited to src and make subdirectories to exclude .github changes
 # Fixes currently included:
-# PR3183, RH1340845: Follow system wide crypto policy
-# PR3695: Allow use of system crypto policy to be disabled by the user
-# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
-# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode
-# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
-# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
-# RH1929465: Improve system FIPS detection
-# RH1995150: Disable non-FIPS crypto in SUN and SunEC security providers
-# RH1996182: Login to the NSS software token in FIPS mode
-# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
-# RH2021263: Resolve outstanding FIPS issues
-# RH2052819: Fix FIPS reliance on crypto policies
-# RH2052829: Detect NSS at Runtime for FIPS detection
-# RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
-# RH2023467: Enable FIPS keys export
-# RH2094027: SunEC runtime permission for FIPS
-# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
-# RH2090378: Revert to disabling system security properties and FIPS mode support together
-# RH2104724: Avoid import/export of DH private keys
-# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
-# Build the systemconf library on all platforms
-# RH2048582: Support PKCS#12 keystores [now part of JDK-8301553 upstream]
-# RH2020290: Support TLS 1.3 in FIPS mode
-# Add nss.fips.cfg support to OpenJDK tree
-# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
-# Remove forgotten dead code from RH2020290 and RH2104724
-# OJ1357: Fix issue on FIPS with a SecurityManager in place
-# RH2134669: Add missing attributes when registering services in FIPS mode.
-# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
-# RH1940064: Enable XML Signature provider in FIPS mode
-# RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
+# OPENJDK-2108: Internal __redhat_fips__ property
+# OPENJDK-2123: Algorithms lockdown
+# OPENJDK-4559: Red Hat Build of OpenJDK 25 should not restrict all the providers in FIPS
 Patch1001: fips-%{featurever}u-%{fipsver}.patch
 
 #############################################
@@ -692,6 +664,15 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
 # JDK-8372534: Update Libpng to 1.6.51
 # Integrated in 25.0.3
 Patch2001: jdk8372534-libpng-1.6.51.patch
+# JDK-8375063: Update Libpng to 1.6.54
+# Integrated in 25.0.3
+Patch2002: jdk8375063-libpng-1.6.54.patch
+# JDK-8375057: Update HarfBuzz to 12.3.2
+# Integrated in 25.0.3
+Patch2003: jdk8375057-harfbuzz-12.3.2.patch
+# JDK-8377526: Update Libpng to 1.6.55
+# Integrated in 25.0.3
+Patch2004: jdk8377526-libpng-1.6.55.patch
 
 #############################################
 #
@@ -778,13 +759,13 @@ Provides: bundled(freetype) = 2.13.3
 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
 Provides: bundled(giflib) = 5.2.2
 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
-Provides: bundled(harfbuzz) = 10.4.0
+Provides: bundled(harfbuzz) = 12.3.2
 # Version in src/java.desktop/share/native/liblcms/lcms2.h
 Provides: bundled(lcms2) = 2.17.0
 # Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
 Provides: bundled(libjpeg) = 6b
 # Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
-Provides: bundled(libpng) = 1.6.51
+Provides: bundled(libpng) = 1.6.55
 # Version in src/java.base/share/native/libzip/zlib/zlib.h
 Provides: bundled(zlib) = 1.3.1
 # We link statically against libstdc++ to increase portability
@@ -1005,8 +986,11 @@ sh %{SOURCE12} %{top_level_dir_name}
 pushd %{top_level_dir_name}
 # Add crypto policy and FIPS support
 %patch -P1001 -p1
-# Add libpng update ahead of 25.0.3
+# Add libpng & harfbuzz updates ahead of 25.0.3
 %patch -P2001 -p1
+%patch -P2002 -p1
+%patch -P2003 -p1
+%patch -P2004 -p1
 popd # openjdk
 
 echo "Generating %{alt_java_name} man page"
@@ -1974,6 +1958,20 @@ done
 %endif
 
 %changelog
+* Tue Mar 03 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-3
+- Update FIPS patch to e55ada9353e to include the fix for the too restrictive provider lockdown
+- Fix FIPS issue list to represent the new 25u version
+- Add JDK-8375063 libpng 1.6.54 ahead of 25.0.3
+- Add JDK-8375057 harfbuzz 12.3.2 ahead of 25.0.3
+- Add JDK-8377526 libpng 1.6.55 ahead of 25.0.3
+- Bump libpng version to 1.6.55 following JDK-8375063 & JDK-8377526
+- Bump harfbuzz version to 12.3.2 following JDK-8375057
+- Resolves: OPENJDK-4570
+- Resolves: OPENJDK-4304
+- Resolves: OPENJDK-4524
+- Resolves: OPENJDK-4544
+- Resolves: OPENJDK-4553
+
 * Mon Jan 12 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-2
 - Add JDK-8372534 libpng 1.6.51 ahead of 25.0.3
 - Bump libpng version to 1.6.51 following JDK-8372534
diff --git a/java-25-openjdk.spec b/java-25-openjdk.spec
index 050765b..4947566 100644
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
@@ -2618,9 +2618,14 @@ exit 0
 - Add tagging scripts with signature checks and gating handling
 - Update tagged versions to include 9.8.0-z, 9.9.0, 10.2-z & 10.3.
 - Add gating scripts to simplify obtaining results and waiving issues
+- Sync the copy of the portable specfile with the latest update
 - Resolves: RHEL-155327
 - Resolves: RHEL-155337
 - Resolves: RHEL-155339
+- Related: RHEL-155000
+- Related: RHEL-146649
+- Related: RHEL-148327
+- Related: RHEL-148830
 
 * Wed Mar 11 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.2.0.10-3
 - Disable abidiff inspection in rpminspect.yaml to avoid an out-of-memory error on the CentOS test farm