diff --git a/0001-Use-fstack-protector-strong-compiler-flag.patch b/0001-Use-fstack-protector-strong-compiler-flag.patch
new file mode 100644
index 0000000..6c520f2
--- /dev/null
+++ b/0001-Use-fstack-protector-strong-compiler-flag.patch
@@ -0,0 +1,31 @@
+From 6ab64f1d0686817d17420a39284efdbe46b42f61 Mon Sep 17 00:00:00 2001
+From: Chris Kelley <ckelley@redhat.com>
+Date: Thu, 2 Dec 2021 14:40:58 +0000
+Subject: [PATCH] Use -fstack-protector-strong compiler flag
+
+* Fixes gating issues with annobin
+
+Resolves: #1936636
+---
+ cmake/Modules/DefineCompilerFlags.cmake | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cmake/Modules/DefineCompilerFlags.cmake b/cmake/Modules/DefineCompilerFlags.cmake
+index 10d30f1a9..413648d13 100644
+--- a/cmake/Modules/DefineCompilerFlags.cmake
++++ b/cmake/Modules/DefineCompilerFlags.cmake
+@@ -22,9 +22,9 @@ if (UNIX AND NOT WIN32)
+             set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+         endif (WITH_FPIC)
+ 
+-        check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
++        check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR)
+         if (WITH_STACK_PROTECTOR)
+-            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
++            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong")
+         endif (WITH_STACK_PROTECTOR)
+ 
+         check_c_compiler_flag("-D_FORTIFY_SOURCE=2" WITH_FORTIFY_SOURCE)
+-- 
+2.33.1
+
diff --git a/pki-core.spec b/pki-core.spec
index 19b5f8e..06da6db 100644
--- a/pki-core.spec
+++ b/pki-core.spec
@@ -16,7 +16,7 @@ License:          GPLv2 and LGPLv2
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
 Version:          11.0.1
-Release:          2%{?_timestamp}%{?_commit_id}%{?dist}
+Release:          3%{?_timestamp}%{?_commit_id}%{?dist}
 #global           _phase -alpha1
 
 # To create a tarball from a version tag:
@@ -26,6 +26,7 @@ Release:          2%{?_timestamp}%{?_commit_id}%{?dist}
 #     -o pki-<version>.tar.gz \
 #     <version tag>
 Source: https://github.com/dogtagpki/pki/archive/v%{version}%{?_phase}/pki-%{version}%{?_phase}.tar.gz
+Patch1: 0001-Use-fstack-protector-strong-compiler-flag.patch
 
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@@ -1369,6 +1370,9 @@ fi
 
 ################################################################################
 %changelog
+* Thu Dec 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.1-3
+- Change gcc compiler flags to fix annobin gating failures
+
 * Tue Nov 23 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 11.0.1-2
 - Rebase to PKI 11.0.1