ntp: security bump to version 4.2.8p1

Fixes:

CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
leading to a potential information leak or possibly a crash

CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
Linux), so ACLs based on IPv6 ::1 addresses can be bypassed

Drop a patch applied upstream, along with its accompanied AUTORECONF.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>