Issues on Linux and Security

mp3riot (formerly known as


I decided to rename into mp3riot. The reason is that the name does not clearly indicate what the program is best suited for. Because the program has grown so much (and because the name should be more attractive to get more users), a renaming seems to be a must to me.

There is some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, playlists, etc. The output can be controlled, links can be corrected, and more. The script is mainly designed to create Web pages, playlists, and databases for mp3 files, but can also be used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports selection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a Windows executable compiled with perl2exe. Then you do not need to install Perl. But I have not tested the functionality of the executable in detail. So it is best to use Perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf: Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for duplicates of files by their filename
  • -D, --md5doublicates: Check for duplicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be separated by ",". This is a useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the beginning of a file, 2 means to start from the end of a file). So, a combination of 1000,-1128,2 tells the program to start 1128 bytes before the file ends (the id3v1 tag is 128 bytes long!) and use 1000 bytes for the calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m, --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X, --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L, --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a separate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a separate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write separate html files for every character
  • -R, --rename: Renames mp3 and ogg files using their id3tag. The use of rename_template in the config file is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes that the filenames have a similar format and tries to guess whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templates: Html templates are used. They have to be defined in the config file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for available templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
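
The region hashing that --seekvalues describes, sketched in Python as an added example (not mp3riot's own Perl code). The function names and sample files are constructed for illustration, and the reading of the three values follows the 1000,-1128,2 example above: bytes to hash, seek offset, and 1 = from start / 2 = from end.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def parse_seekvalues(spec):
    """Parse 'n,+-n,n' into (bytes_to_hash, seek_offset, whence)."""
    length, seek, whence = (int(part) for part in spec.split(","))
    # Assumed meaning of the third value: 1 = from start, 2 = from end.
    if length <= 0 or whence not in (1, 2):
        raise ValueError(f"bad seek values: {spec!r}")
    return length, seek, whence


def region_md5(path, length, seek, whence):
    """MD5 of `length` bytes starting at `seek` relative to start or end."""
    size = os.path.getsize(path)
    start = seek if whence == 1 else size + seek
    start = max(0, min(start, size))  # clamp for files shorter than the window
    with open(path, "rb") as fh:
        fh.seek(start)
        return hashlib.md5(fh.read(length)).hexdigest()


def find_duplicates(paths, spec):
    """Group file names whose sampled region hashes to the same MD5."""
    length, seek, whence = parse_seekvalues(spec)
    groups = defaultdict(list)
    for path in paths:
        digest = region_md5(path, length, seek, whence)
        groups[digest].append(os.path.basename(path))
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def demo():
    """Compare whole-file and region hashing on constructed sample files."""
    def id3v1(title):
        # Constructed 128-byte ID3v1 trailer: "TAG" + title, NUL padded.
        return (b"TAG" + title.encode()).ljust(128, b"\0")

    audio = bytes(range(256)) * 16                      # 4096 bytes of fake audio
    other = audio[:100] + b"\xff" * 50 + audio[150:]    # differs only near the start
    samples = {
        "a.mp3": audio + id3v1("Song"),
        "b.mp3": audio + id3v1("Song (retagged)"),
        "c.mp3": other + id3v1("Different rip"),
        "d.mp3": b"\x01" * 4096 + id3v1("Unrelated"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in samples.items():
            paths.append(os.path.join(tmp, name))
            with open(paths[-1], "wb") as fh:
                fh.write(data)
        whole = find_duplicates(paths, "1000000,0,1")   # window covers whole file
        tail = find_duplicates(paths, "1000,-1128,2")   # the example from the text
    return whole, tail


if __name__ == "__main__":
    whole, tail = demo()
    print("whole-file duplicates:", whole)
    print("1000,-1128,2 duplicates:", tail)
```

The tail window matches the retagged copy that a whole-file hash misses, but it also groups c.mp3, which differs only near its start: a region hash says nothing about bytes outside the window.
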
You can use nearly all commands in a config file (and it is best to do it this way!). The syntax then changes slightly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template= string: String with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head of separate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping function for all playlist files
  • renaming of special characters for filenames of groups
  • support of b4s playlist format
  • sorting of filelist by various criteria of id3tag, mp3 and file information (e.g. ARTIST, BITRATE etc.)
  • extended output of duplicate function by directory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for duplicate files using md5 sums
  • search for duplicates by filenames separated from search function
  • fixed bug in xml output
  • filesize in html output is now rounded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retrieving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback

1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group definitions by various types
  • Implemented variable html-code definitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more.

0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now they are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occurred with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an unusual way, so that command line parameters got disturbed and did not work any more.

0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed.

0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal).

0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for duplicates of filenames.
  • Now comes with a new version of from MP3-Info-1.01 by Chris Nandor.

0.5-20020626

  • Fixed problem with sql data output when files contain the character " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemented progress bar for preparing html files.
  • More information about what the program is doing.

0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file.

0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing separate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out.

0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select files by different extensions.

0.1-20001127

  • Initial release.

What's New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2