Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Software Freedom Conservancy has announceda major fundraising effort. "Pointing to the difficulty of relying on corporate funding while pursuing important but controversial issues, like GPL compliance, Conservancy has structured its fundraiser to increase individual support. The organization needs at least 750 annual Supporters to continue its basic community services and 2500 to avoid hibernating its enforcement efforts. If Conservancy does not meet its goals, it will be forced to radically restructure and wind down a substantial portion of its operations."
Software Freedom Conservancy Launches 2015 Fundraiser

Debianhas updated libcommons-collections3-java(unsanitized input data) and symfony(two vulnerabilities). Debian-LTShas updated putty(memory corruption). Fedorahas updated grub2(F23: Secure Boot circumvention), krb5(F21: multiple vulnerabilities), libpng10(F23; F22; F21: two vulnerabilities), sblim-sfcb(F23; F22; F21: denial of service), and wpa_supplicant(F22: denial of service). Slackwarehas updated pcre(code execution). SUSEhas updated linux-3.12.32(SLELP12: two vulnerabilities), linux-3.12.36(SLELP12: two vulnerabilities), linux-3.12.38(SLELP12: two vulnerabilities), linux-3.12.39(SLELP12: two vulnerabilities), linux-3.12.43(SLELP12: two vulnerabilities), linux-3.12.44(SLELP12: two vulnerabilities), and linux-3.12.44(SLELP12: two vulnerabilities). Ubuntuhas updated icedtea-web(15.10, 15.04, 14.04: applet execution) and python-django(15.10, 15.04, 14.04, 12.04: information disclosure).
Security advisories for Wednesday

RAID5 support in the MD driver has been part of mainline Linux since 2.4.0 was released in early 2001. During this time it has been used widely by hobbyists and small installations, but there has been little evidence of any impact on the larger or "enterprise"sites. Anecdotal evidence suggests that such sites are usually happier with so-called "hardware RAID"configurations where a purpose-built computer, whether attached by PCI or fibre channel or similar, is dedicated to managing the array. This situation could begin to change with the 4.4 kernel, which brings some enhancements to the MD driver that should make it more competitive with hardware-RAID controllers.
[$] A journal for MD/RAID5

Debian-LTShas updated openjdk-6(multiple vulnerabilities). Fedorahas updated libsndfile(F22; F21: buffer overflow), mingw-freeimage(F23; F22: integer overflow), rpm(F23: denial of service), wpa_supplicant(F21: denial of service), and zarafa(F21: two vulnerabilities, one from 2012). Oraclehas updated autofs(OL7: privilege escalation), binutils(OL7: multiple vulnerabilities), chrony(OL7: multiple vulnerabilities), cpio(OL7: denial of service), cups-filters(OL7: multiple vulnerabilities), curl(OL7: multiple vulnerabilities), file(OL7: multiple vulnerabilities), grep(OL7: heap buffer overrun), grub2(OL7: Secure Boot circumvention), krb5(OL7: two vulnerabilities), libreport(OL6: data leak), libssh2(OL7: information leak), net-snmp(OL7: denial of service), netcf(OL7: denial of service), ntp(OL7: multiple vulnerabilities), openhpi(OL7: world writable /var/lib/openhpi directory), openldap(OL7: unintended cipher usage), openssh(OL7: two vulnerabilities), python(OL7: multiple vulnerabilities), rest(OL7: denial of service), rubygem-bundler and rubygem-thor(OL7: installs malicious gem files), squid(OL7: certificate validation bypass), unbound(OL7: denial of service), wireshark(OL7: multiple vulnerabilities), and xfsprogs(OL7: information disclosure). Scientific Linuxhas updated libreport(SL6: data leak). SUSEhas updated firefox(SLES10SP4: multiple vulnerabilities).
Security updates for Tuesday

Red Hat has announced the releaseof Red Hat Enterprise Linux 7.2. "New features and capabilities focus on security, networking, and system administration, along with a continued emphasis on enterprise-ready tooling for the development and deployment of Linux container-based applications. In addition, Red Hat Enterprise Linux 7.2 includes compatibility with the new Red Hat Insights, an add-on operational analytics offering designed to increase IT efficiency and reduce downtime through the proactive identification of known risks and technical issues."
Red Hat Enterprise Linux 7.2

Debianhas updated openjdk-7(unspecified vulnerability). Fedorahas updated cyrus-imapd(F21: largely unspecified), gdm(F23: denial of service), jenkins(F23: multiple vulnerabilities), jenkins-remoting(F23: multiple vulnerabilities), kernel(F21: multiple vulnerabilities), libpng(F23: denial of service), m2crypto(F21: denial of service), pdns(F21: denial of service), perl-IPTables-Parse(F21: predictable temporary file names), postgresql(F22: two vulnerabilities), python-rauth(F23: unspecified vulnerability), and xen(F23; F22; F21: denial of service). openSUSEhas updated Chromium(SUSE Package Hub for SLE12; Leap42.1, 13.2, 13.1: information leak), docker(Leap42.1: two vulnerabilities), and miniupnpc(Leap42.1, 13.2, 13.1: code execution). Red Hathas updated abrt, libreport(RHEL7: multiple vulnerabilities), java-1.6.0-ibm(RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm(RHEL5: multiple vulnerabilities), java-1.7.1-ibm(RHEL6,7: multiple vulnerabilities), java-1.8.0-ibm(RHEL7: multiple vulnerabilities), and libreport(RHEL6: data leak).
Security advisories for Monday

Martin Grlin looks at the security of the Plasma desktoprunning under Wayland; it's better than X11, but with some ground yet to cover. "Now imagine you want to write a key logger in a Plasma/Wayland world. How would you do it? I asked myself this question recently, thought about it, found a possible solution and had a key logger in less than 10 minutes: ouch."
Grlin: Looking at the security of Plasma/Wayland

This Libre Graphics World articlelooks at the challenges faced by the 20-year-old GIMP project. "If you've been following GIMP's progress over recent years, you couldn't help yourself noticing the decreasing activity in terms of both commits (a rather lousy metric) and amount of participants (a more sensible one). 'GIMP is dying', say some. 'GIMP developers are slacking', say others. 'You've got to go for crowdfunding' is yet another popular notion. And no matter what, there's always a few whitebearded folks who would blame the team for not going with changes from the FilmGIMP branch. So what's actually going on and what's the outlook for the project?"
GIMP is 20 Years Old, What?s Next? (Libre Graphics World)

The second 4.4 prepatchis out for testing. Linus says: "Things are looking fairly normal in 4.4-land, with no huge surprises in rc2. There were a couple of late features: parisc hugepage support and some late slub bulk allocator patches were not only merged at the end of the week, but they strictly speaking should have been merge window things."
Kernel prepatch 4.4-rc2

Lennart Poettering introduces the sd-event APIfor the implementation of event loops. "sd-event.h, of course, is not the first event loop API around, and it doesn't implement any really novel concepts. When we started working on it we tried to do our homework, and checked the various existing event loop APIs, maybe looking for candidates to adopt instead of doing our own, and to learn about the strengths and weaknesses of the various implementations existing. Ultimately, we found no implementation that could deliver what we needed, or where it would be easy to add the missing bits: as usual in the systemd project, we wanted something that allows us access to all the Linux-specific bits, instead of limiting itself to the least common denominator of UNIX."
Poettering: Introducing sd-event

Debianhas updated lxc(code execution). Debian-LTShas updated nspr(code execution). Mageiahas updated dovecot(M5: denial of service), gcc(M5: predictable random values), kernel(M5: multiple vulnerabilities), latex2rtf(M5: code execution), libpng/libpng12(M5: denial of service), and uglify-js(M5: malicious code obfuscation). openSUSEhas updated krb5(13.1, 13.2: memory corruption) and libksba(13.1, 13.2: denial of service). Red Hathas updated autofs(RHEL7: privilege escalation), binutils(RHEL7: multiple vulnerabilities), chrony(RHEL7: multiple vulnerabilities), cpio(RHEL7: code execution), cups-filters(RHEL7: multiple vulnerabilities), curl(RHEL7: multiple vulnerabilities), file(RHEL7: multiple vulnerabilities), glibc(RHEL7: multiple vulnerabilities; RHEL7: privilege escalation), grep(RHEL7: heap buffer overrun), grub2(RHEL7: Secure Boot circumvention), kernel(RHEL7: multiple vulnerabilities), kernel-rt(RHEL7: multiple vulnerabilities), krb5(RHEL7: multiple vulnerabilities), libssh2(RHEL7: denial of service), net-snmp(RHEL7: denial of service), netcf(RHEL7: denial of service), NetworkManager(RHEL7: multiple vulnerabilities), ntp(RHEL7: multiple vulnerabilities), openhpi(RHEL7: world writable /var/lib/openhpi directory), openldap(RHEL7: unintended cipher usage), openssh(RHEL7: multiple vulnerabilities), pacemaker(RHEL7: privilege escalation), pcs(RHEL7: denial of service), python(RHEL7: multiple vulnerabilities), realmd(RHEL7: unsanitized input), rest(RHEL7: denial of service), rubygem-bundler, rubygem-thor(RHEL7: code execution), squid(RHEL7: certificate validation bypass), sssd(RHEL7: memory leak), tigervnc(RHEL7: multiple vulnerabilities), unbound(RHEL7: denial of service), wireshark(RHEL7: multiple vulnerabilities), and xfsprogs(RHEL7: information leak). Ubuntuhas updated libpng(multiple vulnerabilities).
Friday's security updates

Matthew Garrett continues his campaignagainst Canonical's "intellectual property rights policy". "The reality is that if Debian had had an identical policy in 2004, Ubuntu wouldn't exist. The effort required to strip all Debian trademarks from the source packages would have been immense, and this would have had to be repeated for every release. While this policy is in place, nobody's going to be able to take Ubuntu and build something better."
Garrett: If it's not practical to redistribute free software, it's not free software in practice

The Pitivi 0.95 releaseis out, bringing a lot of changes to this longstanding video editor project. "This one packs a lot of bugfixes and architectural work to further stabilize the GES backend. In this blog post, I?ll give you an overview of the new and interesting stuff this release brings, coming out from a year of hard work. It?s pretty epic and you?re in for a few surprises, so I suggest listening to this song while you?re reading this blog post."
Pitivi 0.95 released

The "Detectify Labs"site has put up a lengthy analysisof the user tracking taking place in many Chrome browser extensions. "Google, claiming that Chrome is the safest web browser out there, is actually making it very simple for extensions to hide how aggressively they are tracking their users. We have also discovered exactly how intrusive this sort of tracking actually is and how these tracking companies actually do a lot of things trying to hide it. Due to the fact that the gathering of data is made inside an extension, all other extensions created to prevent tracking (such as Ghostery) are completely bypassed."At the end they note that the situation with Firefox is not a whole lot better.
Detectify: Chrome Extensions ? AKA Total Absence of Privacy

Version 7 of the Nmap security scannerhas been released. "It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday with 171 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever."
Nmap 7 released

Oracle Java SE CVE-2015-4860 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4860 Remote Security Vulnerability

Oracle Java SE CVE-2015-4872 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4872 Remote Security Vulnerability

Oracle Java SE CVE-2015-4911 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4911 Remote Security Vulnerability

Oracle Java SE CVE-2015-4903 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-4903 Remote Security Vulnerability

[SECURITY] [DSA 3404-1] python-django security update
Bugtraq: [SECURITY] [DSA 3404-1] python-django security update

CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability
Bugtraq: CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability

[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution
Bugtraq: [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution

[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution
Bugtraq: [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus