From 1d67b13674c681b0e228049e34fa2fbd43703bb9 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Fri, 24 Aug 2018 12:10:01 +0100
Subject: [PATCH 1/2] Fix bug when federation_domain_whitelist is an emtpy list

Outbound federation were incorrectly allowed when the config option was
set to an empty list
---
 synapse/http/matrixfederationclient.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/http/matrixfederationclient.py b/synapse/http/matrixfederationclient.py
index 44b61e70a4..b34bb8e31a 100644
--- a/synapse/http/matrixfederationclient.py
+++ b/synapse/http/matrixfederationclient.py
@@ -133,7 +133,7 @@ class MatrixFederationHttpClient(object):
                 failures, connection failures, SSL failures.)
         """
         if (
-            self.hs.config.federation_domain_whitelist and
+            self.hs.config.federation_domain_whitelist is not None and
             destination not in self.hs.config.federation_domain_whitelist
         ):
             raise FederationDeniedError(destination)

From c780d84d6691b686147910a9e8645f2bb4db4c15 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Fri, 24 Aug 2018 12:13:00 +0100
Subject: [PATCH 2/2] Newsfile

---
 changelog.d/3754.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/3754.bugfix

diff --git a/changelog.d/3754.bugfix b/changelog.d/3754.bugfix
new file mode 100644
index 0000000000..6e3ec80194
--- /dev/null
+++ b/changelog.d/3754.bugfix
@@ -0,0 +1 @@
+Fix 'federation_domain_whitelist' such that an empty list correctly blocks all outbound federation traffic