diff --git a/SOURCES/ruby-2.6.8-rdoc-6.1.2.1-command-injection-vulnerability.patch b/SOURCES/ruby-2.6.8-rdoc-6.1.2.1-command-injection-vulnerability.patch
index 29b0a96..2cca400 100644
--- a/SOURCES/ruby-2.6.8-rdoc-6.1.2.1-command-injection-vulnerability.patch
+++ b/SOURCES/ruby-2.6.8-rdoc-6.1.2.1-command-injection-vulnerability.patch
@@ -26,6 +26,43 @@ index ca2c1abefd..46aace7839 100644
             io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
           })
      end
+--- a/lib/rdoc/encoding.rb	2022-02-16 16:51:28.080178281 +0100
++++ b/lib/rdoc/encoding.rb	2022-02-16 16:51:37.108160840 +0100
+@@ -18,7 +18,7 @@
+   # unknown character in the target encoding will be replaced with '?'
+ 
+   def self.read_file filename, encoding, force_transcode = false
+-    content = open filename, "rb" do |f| f.read end
++    content = File.open filename, "rb" do |f| f.read end
+     content.gsub!("\r\n", "\n") if RUBY_PLATFORM =~ /mswin|mingw/
+ 
+     utf8 = content.sub!(/\A\xef\xbb\xbf/, '')
+--- a/lib/rdoc/parser.rb	2021-04-05 13:46:35.000000000 +0200
++++ b/lib/rdoc/parser.rb	2022-02-16 15:37:17.904822389 +0100
+@@ -74,7 +74,12 @@
+   def self.binary?(file)
+     return false if file =~ /\.(rdoc|txt)$/
+ 
+-    s = File.read(file, 1024) or return false
++    begin
++      open_file = File.open(file)
++      s = open_file.read(1024) or return false
++    ensure
++      open_file.close if open_file
++    end
+ 
+     return true if s[0, 2] == Marshal.dump('')[0, 2] or s.index("\x00")
+ 
+@@ -92,7 +97,8 @@
+   # http://www.garykessler.net/library/file_sigs.html
+ 
+   def self.zip? file
+-    zip_signature = File.read file, 4
++    zip_signature = ''
++    File.open(file) { |f| zip_signature = f.read(4) }
+ 
+     zip_signature == "PK\x03\x04" or
+       zip_signature == "PK\x05\x06" or
 diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
 index 3bce54b243..123b1a4f87 100644
 --- a/test/rdoc/test_rdoc_rdoc.rb
diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec
index d6ba9c7..d2cdffa 100644
--- a/SPECS/ruby.spec
+++ b/SPECS/ruby.spec
@@ -21,7 +21,7 @@
 %endif
 
 
-%global release 108
+%global release 109
 
 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 
@@ -1142,6 +1142,10 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
 
 %changelog
+* Wed Feb 16 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-109
+- Properly fix command injection vulnerability in Rdoc.
+  Related: CVE-2021-31799
+
 * Wed Feb 09 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-108
 - Fix command injection vulnerability in RDoc.
   Resolves: CVE-2021-31799