diff --git a/SQLAlchemy-1.3.22.tar.gz b/SQLAlchemy-1.3.22.tar.gz
deleted file mode 100644
index 03b1f25..0000000
--- a/SQLAlchemy-1.3.22.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:758fc8c4d6c0336e617f9f6919f9daea3ab6bb9b07005eda9a1a682e24a6cacc
-size 6300186
diff --git a/SQLAlchemy-1.3.23.tar.gz b/SQLAlchemy-1.3.23.tar.gz
new file mode 100644
index 0000000..c3434b2
--- /dev/null
+++ b/SQLAlchemy-1.3.23.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6fca33672578666f657c131552c4ef8979c1606e494f78cd5199742dfb26918b
+size 6313652
diff --git a/python-SQLAlchemy.changes b/python-SQLAlchemy.changes
index cb778b2..3724728 100644
--- a/python-SQLAlchemy.changes
+++ b/python-SQLAlchemy.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Feb 23 17:27:18 UTC 2021 - Matej Cepl <mcepl@suse.com>
+
+- Add tests_overcome_bpo42967.patch to over effects of bpo#42967,
+  which forbade mixing amps and semicolons in query strings as
+  separators (gh#sqlalchemy/sqlalchemy#5969).
+
+-------------------------------------------------------------------
+Tue Feb 23 17:07:02 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.3.23:
+  * Release 1.3.23 contains an array of bugfixes specific to dialects such as
+    Oracle, PostgreSQL, and MySQL. 
+
 -------------------------------------------------------------------
 Wed Jan 20 12:21:49 UTC 2021 - John Vandenberg <jayvdb@gmail.com>
 
diff --git a/python-SQLAlchemy.spec b/python-SQLAlchemy.spec
index fc6a1fa..c3dee6c 100644
--- a/python-SQLAlchemy.spec
+++ b/python-SQLAlchemy.spec
@@ -19,13 +19,17 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
 Name:           python-SQLAlchemy
-Version:        1.3.22
+Version:        1.3.23
 Release:        0
 Summary:        Database Abstraction Library
 License:        MIT
 URL:            https://www.sqlalchemy.org
 Source:         https://files.pythonhosted.org/packages/source/S/SQLAlchemy/SQLAlchemy-%{version}.tar.gz
 Source1:        SQLAlchemy.keyring
+# PATCH-FIX-UPSTREAM tests_overcome_bpo42967.patch gh#sqlalchemy/sqlalchemy#5969 mcepl@suse.com
+# over effects of bpo#42967, which forbade mixing amps and
+# semicolons in query strings as separators.
+Patch0:         tests_overcome_bpo42967.patch
 # devel is needed for optional C extensions cprocessors.so, cresultproxy.so and cutils.so
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}
@@ -65,7 +69,7 @@ This package contains HTML documentation, including tutorials and API
 reference for python-SQLAlchemy.
 
 %prep
-%setup -q -n SQLAlchemy-%{version}
+%autosetup -p1 -n SQLAlchemy-%{version}
 
 rm -rf doc/build # Remove unnecessary scripts for building documentation
 sed -i 's/\r$//' examples/dynamic_dict/dynamic_dict.py
diff --git a/tests_overcome_bpo42967.patch b/tests_overcome_bpo42967.patch
new file mode 100644
index 0000000..0bc47e2
--- /dev/null
+++ b/tests_overcome_bpo42967.patch
@@ -0,0 +1,65 @@
+---
+ lib/sqlalchemy/engine/url.py      |   14 ++++++++++----
+ test/dialect/mssql/test_engine.py |    3 ++-
+ 2 files changed, 12 insertions(+), 5 deletions(-)
+
+--- a/lib/sqlalchemy/engine/url.py
++++ b/lib/sqlalchemy/engine/url.py
+@@ -14,6 +14,7 @@ argument; alternatively, the URL is a pu
+ be used directly and is also accepted directly by ``create_engine()``.
+ """
+ 
++import inspect
+ import re
+ 
+ from .interfaces import Dialect
+@@ -218,7 +219,7 @@ class URL(object):
+         return translated
+ 
+ 
+-def make_url(name_or_url):
++def make_url(name_or_url, separator='&'):
+     """Given a string or unicode instance, produce a new URL instance.
+ 
+     The given string is parsed according to the RFC 1738 spec.  If an
+@@ -226,12 +227,12 @@ def make_url(name_or_url):
+     """
+ 
+     if isinstance(name_or_url, util.string_types):
+-        return _parse_rfc1738_args(name_or_url)
++        return _parse_rfc1738_args(name_or_url, separator)
+     else:
+         return name_or_url
+ 
+ 
+-def _parse_rfc1738_args(name):
++def _parse_rfc1738_args(name, qs_sep):
+     pattern = re.compile(
+         r"""
+             (?P<name>[\w\+]+)://
+@@ -261,7 +262,12 @@ def _parse_rfc1738_args(name):
+             if len(tokens) > 1:
+                 query = {}
+ 
+-                for key, value in util.parse_qsl(tokens[1]):
++                if 'separator' in inspect.signature(util.parse_qsl).parameters:
++                    qs_dict = util.parse_qsl(tokens[1], separator=qs_sep)
++                else:
++                    qs_dict = util.parse_qsl(tokens[1])
++
++                for key, value in qs_dict:
+                     if util.py2k:
+                         key = key.encode("ascii")
+                     if key in query:
+--- a/test/dialect/mssql/test_engine.py
++++ b/test/dialect/mssql/test_engine.py
+@@ -164,7 +164,8 @@ class ParseConnectTest(fixtures.TestBase
+         u = url.make_url(
+             "mssql+pyodbc://@server_name/db_name?"
+             "driver=ODBC+Driver+17+for+SQL+Server;"
+-            "authentication=ActiveDirectoryIntegrated"
++            "authentication=ActiveDirectoryIntegrated",
++            separator=';'
+         )
+         connection = dialect.create_connect_args(u)
+         eq_(connection[1], {})