Someone please correct me if I'm wrong, but I think simply adding -DOPENSSL_NO_HEARTBEATS to crypto/openssl/Makefile (and recompiling!) is sufficient to remove the vulnerability from the base system. -nd.