Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Debianhas updated openssl(multiple vulnerabilities), qemu(code execution), and qemu-kvm(code execution). Mageiahas updated apache-mod_security(rules bypass), cups-filters(M4: code execution), openjpeg(code execution), php(denial of service), and rsync(M4: denial of service). Oraclehas updated kernel(2.6.39 - OL5; OL6: privilege escalation) and kernel(3.8.13 - OL6: privilege escalation). SUSEhas updated jakarta-commons-fileupload(SLES11 SP3: denial of service).
Friday's security updates

The Debian project has announced that the security support period for the 6.0 ("squeeze") release has been extended by nearly two years; it now runs out in February 2016. At the end, squeeze will have received a full five years of security support. "squeeze-lts is only going to support i386 and amd64. If you're running a different architecture you need to upgrade to Debian 7 (wheezy). Also there are going to be a few packages which will not be supported in squeeze-lts (e.g. a few web-based applications which cannot be supported for five years). There will be a tool to detect such unsupported packages."
Debian 6.0 to get long-term support

Internet Systems Consortium, the non-profit behind the BIND DNS server, has released version 1.2 of BIND 10, which is the last release it will make of the "applications framework for Internet infrastructure, such as DNS". That completes ISC's development effort on BIND 10, so it has renamed the project to Bundyand turned it over to the community for updates and maintenance. "'BIND 10 is an excellent software system,' said Scott Mann, ISC's Vice President of Engineering, 'and a huge step forward in open-source infrastructure software. Unfortunately, we do not have the resources to continue development on both projects, and BIND 9 is much more widely used.' 'The BIND 10 software is open-source,' Scott added, 'so we are making it available for anyone who wants to continue its development. The source will be available from GitHub under the name Bundy, to mitigate the confusion between it and ISC's BIND 9 (a completely separate system). The name 'BIND' is associated with ISC; we have changed its name as a reminder that ISC is no longer involved with the project.'"
ISC releases BIND 10 1.2, renames it, and turns it over to community

Ubuntu has announced the release of its latest long-term support distribution: Ubuntu 14.04 LTS (aka "Trusty Tahr"). The release noteshave all the details. It comes in a multitude of configurations, for desktops, servers, the cloud, phones, and tablets; also in many flavors: Kubuntu, Edubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, and Ubuntu Studio. "Ubuntu 14.04 LTS is the first long-term support release with support for the new "arm64"architecture for 64-bit ARM systems, as well as the "ppc64el"architecture for little-endian 64-bit POWER systems. This release also includes several subtle but welcome improvements to Unity, AppArmor, and a host of other great software."
Ubuntu 14.04 LTS (Trusty Tahr) released

NPR has a lookat the cross-pollination of open source software and agriculture, resulting in the release of the first "Open Source Seeds". The new Open Source Seed Initiativewas formed to put seeds, and, more importantly, their genetic material, into a protected commons, so they will be available in perpetuity. "At an event on the campus of the University of Wisconsin, Madison, backers of the new Open Source Seed Initiative will pass out 29 new varieties of 14 different crops, including carrots, kale, broccoli and quinoa. Anyone receiving the seeds must pledge not to restrict their use by means of patents, licenses or any other kind of intellectual property. In fact, any future plant that's derived from these open source seeds also has to remain freely available as well."(Thanks to Rich Brown.)
Plant Breeders Release First 'Open Source Seeds' (NPR)

The QEMUteam has announcedthe release of version 2.0.0 of the QEMU "open source machine emulator and virtualizer". New features in the release include support for KVM on AArch64 (64-bit ARM) systems, support for all 64-bit ARMV8 instructions (other than the optional CRC and crypto extensions), support for the Allwinner A10-based cubieboard, CPU hotplug for Q35 x86 systems, better Windows guest performance when doing many floating-point or SIMD operations, live snapshot merging, new management interfaces for CPU and virtio-rng hotplug, direct access to NFSv3 shares using libnfs, and lots more. Detailed information about all of the changes can be found in the changelog.
QEMU 2.0.0 released

Debianhas announcedthat regular security updates for Debian 6.0 ("squeeze") will cease on May 31. But there will be long-term support for most of the packages in squeeze on just the i386 and amd64 architectures until February 2016. Fedorahas updated cacti(F20; F19: multiple vulnerabilities), json-c(F20: two denial of service flaws), and openstack-keystone(F20: access restriction bypass). Mandrivahas updated json-c(BS1.0: two denial of service flaws). Oraclehas updated java-1.6.0-openjdk(OL6; OL5: multiple vulnerabilities, most unspecified) and java-1.7.0-openjdk(OL6; OL5: multiple vulnerabilities, most unspecified). Red Hathas updated java-1.6.0-sun(many vulnerabilities, lots unspecified), java-1.7.0-oracle(RHEL; RHEL Supplementary: multiple vulnerabilities, most unspecified), and libyaml(RHEL6: two code execution flaws). Scientific Linuxhas updated java-1.6.0-openjdk(multiple vulnerabilities, most unspecified) and java-1.7.0-openjdk(SL5: multiple vulnerabilities, most unspecified). SUSEhas updated flash-player(SLE11SP3: multiple vulnerabilities) and kernel(SLERTE11SP3; SLE10SP4: multiple vulnerabilities).
Security updates for Thursday

The Weekly Edition for April 17, 2014 is available.
[$] Weekly Edition for April 17, 2014

CentOShas updated java-1.6.0-openjdk(C6; C5: multiple vulnerabilities) and java-1.7.0-openjdk(C6; C5: multiple vulnerabilities). Debianhas updated chromium-browser(multiple vulnerabilities) and virtualbox(code execution). Fedorahas updated cups-filters(F20: command execution), ImageMagick(F20: code execution), jbigkit(F20: code execution), libinfinity(F20; F19: unspecified vulnerability), mingw-openjpeg(F20; F19: code execution), mingw-openssl(F19: information disclosure), oath-toolkit(F20: replays one time passwords), php(F20; F19: denial of service), squid(F19: denial of service), v8(F20: multiple vulnerabilities), and wordpress(F20: multiple vulnerabilities). Mageiahas updated asterisk(MG4; MG3: multiple vulnerabilities), cups-filters(MG4: multiple vulnerabilities), elfutils(MG3&4: code execution), fail2ban(MG3&4: denial of service), jbigkit(MG3&4: code execution), json-c(MG3&4: denial of service), and tigervnc(MG3&4: code execution). Mandrivahas updated asterisk(two vulnerabilities). openSUSEhas updated curl(11.4: multiple vulnerabilities). Red Hathas updated java-1.6.0-openjdk(RHEL5&6: multiple vulnerabilities) and java-1.7.0-openjdk(RHEL6; RHEL5: multiple vulnerabilities). Scientific Linuxhas updated java-1.7.0-openjdk(SL6: multiple vulnerabilities). SUSEhas updated kernel(SLE11 SP3: multiple vulnerabilities) and strongswan(SLE11, SLE10 LTSS: authentication bypass).
Security advisories for Wednesday

Here is a long piece from Christian Schallerdescribing the planning for the upcoming Fedora Workstation product. "So when we are planning the Fedora Workstation we are not just looking at what features we can develop for individual libraries or applications like GTK+, Firefox or LibreOffice, but we are looking at what we want the system as a whole to look like. And maybe most important we try our hardest to look at things from a feature/usecase viewpoint first as opposed to a specific technology viewpoint."
Schaller: Preparing the ground for the Fedora Workstation

There is a saying that you need to spend money to make money, though this apparent paradox is easily resolved with a start-up loan and the discipline of balancing expenses against income. A similar logic applies to the management of memory in an operating system kernel such as Linux: sometimes you need to allocate memory to free memory. Here, too, discipline is needed, though the typical consequences of not being sufficiently careful is not bankruptcy but rather a deadlock. The history of how the Linux kernel developed its balance between saving and spending is interesting as a microcosm of how Linux development proceeds. Click below (subscribers only) for the full article by Neil Brown.
[$] Avoiding memory-allocation deadlocks

Debianhas updated strongswan(authentication bypass). Fedorahas updated mingw-openssl(F20: information disclosure), mod_security(F20; F19: rules bypass), php-ZendFramework(F20; F19: multiple vulnerabilities), php-ZendFramework2(F20; F19: multiple vulnerabilities), and systemd(F20: code execution). openSUSEhas updated couchdb(13.1, 12.3: denial of service) and jakarta-commons-fileupload(13.1; 12.3: denial of service). Ubuntuhas updated curl(all: information disclosure) and python-imaging(all: two tmpfile flaws).
Security updates for Tuesday

The results of the 2014 Debian project leader election are in; incumbent Lucas Nussbaum fended off challenger Neil McGovern to win a second one-year term in this position. See the DPL election pagefor details on how the voting went.
Lucas Nussbaum reelected as Debian project leader

Version 2.2of the Cinnamon desktop environment is out. New features include a lot of improvements to the settings dialogs, tweaks to the "hot corners"and heads-up display mechanisms, better high-resolution display support, and more.
Cinnamon 2.2 released

Greg Kroah-Hartman has released kernels 3.14.1, 3.13.10, 3.10.37, and 3.4.87. Each contains important updates and fixes; in addition, Greg notes that 3.13.10 will be the next-to-last release in the 3.13.y stable series, so migration to 3.14.y soon is advisable.
Four new stable kernels

Oracle MySQL Server CVE-2014-2432 Remote Security Vulnerability
Vuln: Oracle MySQL Server CVE-2014-2432 Remote Security Vulnerability

Oracle MySQL Server CVE-2014-2438 Remote Security Vulnerability
Vuln: Oracle MySQL Server CVE-2014-2438 Remote Security Vulnerability

Oracle MySQL Client CVE-2014-2440 Remote Security Vulnerability
Vuln: Oracle MySQL Client CVE-2014-2440 Remote Security Vulnerability

Oracle MySQL Server CVE-2014-2436 Remote Security Vulnerability
Vuln: Oracle MySQL Server CVE-2014-2436 Remote Security Vulnerability

[security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure
Bugtraq: [security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure

[security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
Bugtraq: [security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)

[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed"OpenSSL Vulnerability, Remote Disclosure of Information

[ MDVSA-2014:079 ] json-c
Bugtraq: [ MDVSA-2014:079 ] json-c

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus