diff -up tcp_wrappers_7.6/fix_options.c.patch9 tcp_wrappers_7.6/fix_options.c
--- tcp_wrappers_7.6/fix_options.c.patch9	1997-04-08 02:29:19.000000000 +0200
+++ tcp_wrappers_7.6/fix_options.c	2008-08-29 09:45:12.000000000 +0200
@@ -11,6 +11,9 @@ static char sccsid[] = "@(#) fix_options
 
 #include <sys/types.h>
 #include <sys/param.h>
+#ifdef HAVE_IPV6
+#include <sys/socket.h>
+#endif
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
@@ -41,6 +44,22 @@ struct request_info *request;
     unsigned int opt;
     int     optlen;
     struct in_addr dummy;
+#ifdef HAVE_IPV6
+    struct sockaddr_storage ss;
+    int sslen;
+
+    /*
+     * check if this is AF_INET socket
+     * XXX IPv6 support?
+     */
+    sslen = sizeof(ss);
+    if (getsockname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
+	syslog(LOG_ERR, "getpeername: %m");
+	clean_exit(request);
+    }
+    if (ss.ss_family != AF_INET)
+	return;
+#endif
 
     if ((ip = getprotobyname("ip")) != 0)
 	ipproto = ip->p_proto;
diff -up tcp_wrappers_7.6/hosts_access.5.patch9 tcp_wrappers_7.6/hosts_access.5
--- tcp_wrappers_7.6/hosts_access.5.patch9	2008-08-29 09:45:12.000000000 +0200
+++ tcp_wrappers_7.6/hosts_access.5	2008-08-29 09:45:12.000000000 +0200
@@ -85,11 +85,18 @@ member of the specified netgroup. Netgro
 for daemon process names or for client user names.
 .IP \(bu
 An expression of the form `n.n.n.n/m.m.m.m\' is interpreted as a
-`net/mask\' pair. A host address is matched if `net\' is equal to the
+`net/mask\' pair. An IPv4 host address is matched if `net\' is equal to the
 bitwise AND of the address and the `mask\'. For example, the net/mask
 pattern `131.155.72.0/255.255.254.0\' matches every address in the
 range `131.155.72.0\' through `131.155.73.255\'.
 .IP \(bu
+An expression of the form `[n:n:n:n:n:n:n:n/m]\' is interpreted as a
+`[net/prefixlen]\' pair. An IPv6 host address is matched if
+`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
+address. For example, the [net/prefixlen] pattern
+`[3ffe:505:2:1::/64]\' matches every address in the range
+`3ffe:505:2:1::\' through `3ffe:505:2:1:ffff:ffff:ffff:ffff\'.
+.IP \(bu
 A string that begins with a `/\' character is treated as a file
 name. A host name or address is matched if it matches any host name
 or address pattern listed in the named file. The file format is
diff -up tcp_wrappers_7.6/inetcf.c.patch9 tcp_wrappers_7.6/inetcf.c
--- tcp_wrappers_7.6/inetcf.c.patch9	1997-02-12 02:13:24.000000000 +0100
+++ tcp_wrappers_7.6/inetcf.c	2008-08-29 09:45:12.000000000 +0200
@@ -26,6 +26,9 @@ extern void exit();
   * guesses. Shorter names follow longer ones.
   */
 char   *inet_files[] = {
+#ifdef HAVE_IPV6
+    "/usr/local/v6/etc/inet6d.conf",	/* KAME */
+#endif
     "/private/etc/inetd.conf",		/* NEXT */
     "/etc/inet/inetd.conf",		/* SYSV4 */
     "/usr/etc/inetd.conf",		/* IRIX?? */
diff -up tcp_wrappers_7.6/Makefile.patch9 tcp_wrappers_7.6/Makefile
--- tcp_wrappers_7.6/Makefile.patch9	2013-01-25 10:53:33.891349937 +0100
+++ tcp_wrappers_7.6/Makefile	2013-01-25 11:00:57.362801588 +0100
@@ -21,7 +21,7 @@ what:
 	@echo "	dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
 	@echo "	linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
 	@echo "	ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
-	@echo "	sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
+	@echo "	sunos40 sunos5 solaris8 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
 	@echo "	uts215 uxp"
 	@echo
 	@echo "If none of these match your environment, edit the system"
@@ -138,13 +138,25 @@ epix:
 
 freebsd:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+	LIBS="-L/usr/local/v6/lib -linet6" \
 	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
-	EXTRA_CFLAGS=-DUSE_STRERROR VSYSLOG= all
+	EXTRA_CFLAGS="-DUSE_STRERROR -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all
+
+netbsd:
+	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
+	EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -Dss_family=__ss_family -Dss_len=__ss_len" VSYSLOG= all
 
 linux:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
 	LIBS="-lnsl" RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
-	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER" all
+	NETGROUP="-DNETGROUP" TLI= EXTRA_CFLAGS="$(RPM_OPT_FLAGS) -DUSE_STRERROR -DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=__ss_family -Dss_len=__ss_len" all
+
+linux-old:
+	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+	LIBS="/usr/inet6/lib/libinet6.a -lresolv" \
+	RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP= TLI= \
+	EXTRA_CFLAGS="-DSYS_ERRLIST_DEFINED -DBROKEN_SO_LINGER -Dss_family=sin6_family -Dsockaddr_storage=sockaddr_in6 -I/usr/inet6/include" all
 
 # This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
 hpux hpux8 hpux9 hpux10:
@@ -197,6 +209,13 @@ sunos5:
 	BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" \
 	EXTRA_CFLAGS=-DUSE_STRERROR all
 
+# SunOS 5.8 is another SYSV4 variant, but has IPv6 support
+solaris8:
+	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
+	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \
+	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
+	EXTRA_CFLAGS="-DNO_CLONE_DEVICE -DINT32_T" all
+
 # Generic SYSV40
 esix sysv4:
 	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
@@ -392,7 +411,7 @@ AR	= ar
 # the ones provided with this source distribution. The environ.c module
 # implements setenv(), getenv(), and putenv().
 
-AUX_OBJ= setenv.o
+#AUX_OBJ= setenv.o
 #AUX_OBJ= environ.o
 #AUX_OBJ= environ.o strcasecmp.o
 
@@ -455,7 +474,7 @@ AUX_OBJ= setenv.o
 # host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
 # around this. The workaround does no harm on other Solaris versions.
 
-BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
+#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
 #BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
 
@@ -473,7 +492,7 @@ BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS
 # If your system supports vsyslog(), comment out the following definition.
 # If in doubt leave it in, it won't harm.
 
-VSYSLOG	= -Dvsyslog=myvsyslog
+#VSYSLOG	= -Dvsyslog=myvsyslog
 
 ###############################################################
 # System dependencies: whether or not your system has IPV6
@@ -485,7 +504,7 @@ VSYSLOG	= -Dvsyslog=myvsyslog
 
 # If your system does not have getipnodebyname() but uses the obsolete
 # gethostbyname2() instead, use this (AIX)
-# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
+IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
 
 # End of the system dependencies.
 #################################
diff -up tcp_wrappers_7.6/misc.c.patch9 tcp_wrappers_7.6/misc.c
--- tcp_wrappers_7.6/misc.c.patch9	1996-02-11 17:01:30.000000000 +0100
+++ tcp_wrappers_7.6/misc.c	2008-08-29 09:45:12.000000000 +0200
@@ -58,9 +58,31 @@ int     delimiter;
 {
     char   *cp;
 
+#ifdef HAVE_IPV6
+    int bracket = 0;
+
+    for (cp = string; cp && *cp; cp++) {
+	switch (*cp) {
+	case '[':
+	    bracket++;
+	    break;
+	case ']':
+	    bracket--;
+	    break;
+	default:
+	    if (bracket == 0 && *cp == delimiter) {
+		*cp++ = 0;
+		return cp;
+	    }
+	    break;
+	}
+    }
+    return (NULL);
+#else
     if ((cp = strchr(string, delimiter)) != 0)
 	*cp++ = 0;
     return (cp);
+#endif
 }
 
 /* dot_quad_addr - convert dotted quad to internal form */
diff -up tcp_wrappers_7.6/refuse.c.patch9 tcp_wrappers_7.6/refuse.c
--- tcp_wrappers_7.6/refuse.c.patch9	1994-12-28 17:42:40.000000000 +0100
+++ tcp_wrappers_7.6/refuse.c	2008-08-29 09:45:12.000000000 +0200
@@ -25,7 +25,12 @@ static char sccsid[] = "@(#) refuse.c 1.
 void    refuse(request)
 struct request_info *request;
 {
+#ifdef HAVE_IPV6
+    syslog(deny_severity, "refused connect from %s (%s)",
+	   eval_client(request), eval_hostaddr(request->client));
+#else
     syslog(deny_severity, "refused connect from %s", eval_client(request));
+#endif
     clean_exit(request);
     /* NOTREACHED */
 }
diff -up tcp_wrappers_7.6/rfc931.c.patch9 tcp_wrappers_7.6/rfc931.c
--- tcp_wrappers_7.6/rfc931.c.patch9	2004-05-04 16:01:01.000000000 +0200
+++ tcp_wrappers_7.6/rfc931.c	2013-01-25 11:08:26.690292897 +0100
@@ -94,6 +94,12 @@ char   *dest;
      * sockets.
      */
 
+    /* address family must be the same */
+    if (SGFAM(rmt_sin) != SGFAM(our_sin)) {
+	STRN_CPY(dest, result, STRING_LENGTH);
+	return;
+    }
+
     if ((fp = fsocket(SGFAM(rmt_sin), SOCK_STREAM, 0)) != 0) {
 	setbuf(fp, (char *) 0);
 
diff -up tcp_wrappers_7.6/tcpd.c.patch9 tcp_wrappers_7.6/tcpd.c
--- tcp_wrappers_7.6/tcpd.c.patch9	2008-08-29 09:45:12.000000000 +0200
+++ tcp_wrappers_7.6/tcpd.c	2008-08-29 09:45:12.000000000 +0200
@@ -120,7 +120,12 @@ char  **argv;
 
     /* Report request and invoke the real daemon program. */
 
+#ifdef HAVE_IPV6
+    syslog(allow_severity, "connect from %s (%s)",
+	   eval_client(&request), eval_hostaddr(request.client));
+#else
     syslog(allow_severity, "connect from %s", eval_client(&request));
+#endif
     closelog();
     (void) execv(path, argv);
     syslog(LOG_ERR, "error: cannot execute %s: %m", path);
diff -up tcp_wrappers_7.6/workarounds.c.patch9 tcp_wrappers_7.6/workarounds.c
--- tcp_wrappers_7.6/workarounds.c.patch9	1996-03-19 16:22:26.000000000 +0100
+++ tcp_wrappers_7.6/workarounds.c	2008-08-29 09:45:12.000000000 +0200
@@ -166,11 +166,22 @@ struct sockaddr *sa;
 int    *len;
 {
     int     ret;
+#ifdef HAVE_IPV6
+    struct sockaddr *sin = sa;
+#else
     struct sockaddr_in *sin = (struct sockaddr_in *) sa;
+#endif
 
     if ((ret = getpeername(sock, sa, len)) >= 0
+#ifdef HAVE_IPV6
+	&& ((sin->su_si.si_family == AF_INET6
+	     && IN6_IS_ADDR_UNSPECIFIED(&sin->su_sin6.sin6_addr))
+	    || (sin->su_si.si_family == AF_INET
+		&& sin->su_sin.sin_addr.s_addr == 0))) {
+#else
 	&& sa->sa_family == AF_INET
 	&& sin->sin_addr.s_addr == 0) {
+#endif
 	errno = ENOTCONN;
 	return (-1);
     } else {