diff --git a/curl-7.18.2-nss-thread-safety.patch b/curl-7.18.2-nss-thread-safety.patch
new file mode 100644
index 0000000..a566598
--- /dev/null
+++ b/curl-7.18.2-nss-thread-safety.patch
@@ -0,0 +1,68 @@
+diff -u --recursive curl-7.18.2.orig/lib/nss.c curl-7.18.2/lib/nss.c
+--- curl-7.18.2.orig/lib/nss.c	2008-05-26 11:02:49.000000000 -0400
++++ curl-7.18.2/lib/nss.c	2008-09-03 13:33:32.000000000 -0400
+@@ -73,6 +73,8 @@
+ 
+ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
+ 
++PRLock * nss_initlock = NULL;
++
+ int initialized = 0;
+ 
+ #define HANDSHAKE_TIMEOUT 30
+@@ -718,9 +720,12 @@
+  * @retval 1 SSL initialized successfully
+  */
+ int Curl_nss_init(void)
+-{
+-  if(!initialized)
++{ 
++  /* curl_global_init() is not thread-safe so this test is ok */
++  if (nss_initlock == NULL) {
+     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
++    nss_initlock = PR_NewLock();
++  }
+ 
+   /* We will actually initialize NSS later */
+ 
+@@ -730,7 +735,17 @@
+ /* Global cleanup */
+ void Curl_nss_cleanup(void)
+ {
+-  NSS_Shutdown();
++  /* This function isn't required to be threadsafe and this is only done
++   * as a safety feature.
++   */
++  PR_Lock(nss_initlock);
++  if (initialized)
++    NSS_Shutdown();
++  PR_Unlock(nss_initlock);
++
++  PR_DestroyLock(nss_initlock);
++  nss_initlock = NULL;
++
+   initialized = 0;
+ }
+ 
+@@ -805,7 +820,8 @@
+   curlerr = CURLE_SSL_CONNECT_ERROR;
+ 
+   /* FIXME. NSS doesn't support multiple databases open at the same time. */
+-  if(!initialized) {
++  PR_Lock(nss_initlock);
++  if(!initialized && !NSS_IsInitialized()) {
+     initialized = 1;
+ 
+     certDir = getenv("SSL_DIR"); /* Look in $SSL_DIR */
+@@ -829,8 +845,11 @@
+     if(rv != SECSuccess) {
+       infof(conn->data, "Unable to initialize NSS database\n");
+       curlerr = CURLE_SSL_CACERT_BADFILE;
++      PR_Unlock(nss_initlock);
++      initialized = 0;
+       goto error;
+     }
++    PR_Unlock(nss_initlock);
+ 
+     NSS_SetDomesticPolicy();
+ 
diff --git a/curl.spec b/curl.spec
index d18591a..c6b4fc8 100644
--- a/curl.spec
+++ b/curl.spec
@@ -4,7 +4,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.18.2
-Release: 3%{?dist}
+Release: 5%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -12,6 +12,7 @@ Patch1: curl-7.15.3-multilib.patch
 Patch2: curl-7.16.0-privlibs.patch
 Patch3: curl-7.17.1-badsocket.patch
 Patch4: curl-7.18.2-nssproxy.patch
+Patch5: curl-7.18.2-nss-thread-safety.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -44,6 +45,7 @@ use cURL's capabilities internally.
 %patch2 -p1 -b .privlibs
 %patch3 -p1 -b .badsocket
 %patch4 -p1 -b .nssproxy
+%patch5 -p1 -b .nssthreadsafety
 
 # Convert docs to UTF-8
 for f in CHANGES README; do
@@ -111,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Wed Sep 03 2008 Warren Togami <wtogami@redhat.com> 7.18.2-5
+- add thread safety to libcurl NSS cleanup() functions (#459297)
+
 * Fri Aug 22 2008 Tom "spot" Callaway <tcallawa@redhat.com> 7.18.2-3
 - undo mini libcurl.so.3