ntp: security bump to version 4.2.8

Fixes:

CVE-2014-9293 - ntpd generated a weak key for its internal use, with
full administrative privileges.  Attackers could use this key to
reconfigure ntpd (or to exploit other vulnerabilities).

CVE-2014-9294 - The ntp-keygen utility generated weak MD5 keys with
insufficient entropy.

CVE-2014-9295 - ntpd had several buffer overflows (both on the stack and
in the data section), allowing remote authenticated attackers to crash
ntpd or potentially execute arbitrary code.

CVE-2014-9296 - The general packet processing function in ntpd did not
handle an error case correctly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>