Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2 takes a lookat the Taiga project management tool. "It started with the team at Kaleidos, a Madrid-based company that builds software for both large corporations and startups. Though much of their time is spent working for clients, several times a year they break off for their own Personal Innovation Weeks (?WEEK). These are weeklong hack-a-thons dedicated to personal improvement and prototyping internal ideas of all sorts. While there, they unanimously decided to solve the biggest of their own problems: project management. Taiga was born, and by early 2014, the team at Kaleidos was already using Taiga for all their internal projects. Taiga Agile, LLC was formed in February 2014 to give the project a formal structure, and the source code was made available at GitHub."
Taiga, a new open source project management tool with focus on usability (

Debianhas updated pidgin(multiple vulnerabilities). Mageiahas updated ctags(denial of service), ejabberd(incorrectly allows unencrypted connections), iceape(multiple vulnerabilities), libxml2(denial of service), lua(code execution), openssl(multiple vulnerabilities), and phpmyadmin(cross-site scripting). Mandrivahas updated ctags(denial of service), ejabberd(incorrectly allows unencrypted connections), java-1.7.0-openjdk(multiple vulnerabilities), libxml2(denial of service), lua(code execution), openssl(multiple vulnerabilities), and phpmyadmin(cross-site scripting). Red Hathas updated kernel(RHEL6.5: denial of service). Ubuntuhas updated openjdk-7(14.10: multiple vulnerabilities).
Friday's security advisories

The openSUSE project has announcedthat the "Factory"and "Tumbleweed"distributions will merge into a single rolling distribution (called "Tumbleweed"). There is also an FAQ postingabout the merger. "With the vast improvements to the Factory development process over the last 2 years, we effectively found ourselves as a project with not one, but two rolling release distributions in addition to our main regular release distribution. GregKH signalled his intention to stop maintaining Tumbleweed as a 'rolling-released based on the current release'. It seemed a natural decision then to bring both the Factory rolling release and Tumbleweed rolling release together, so we can consolidate our efforts and make openSUSE's single rolling release as stable and effective as possible."
openSUSE Factory and Tumbleweed to merge

Matthew Garrett considers the security of Linux containerson his blog. While the attack surface of containers is likely to always be larger than that of hypervisors, that difference may not matter in practice, but it's going to take some work to get there: I suspect containers canbe made sufficiently secure that the attack surface size doesn't matter. But who's going to do that work? As mentioned, modern container deployment tools make use of a number of kernel security features. But there's been something of a dearth of contributions from the companies who sell container-based services. Meaningful work here would include things like: Strong auditing and aggressive fuzzing of containers under realistic configurations Support for meaningful nesting of Linux Security Modules in namespaces Introspection of container state and (more difficult) the host OS itself in order to identify compromises These aren't easy jobs, but they're important, and I'm hoping that the lack of obvious development in areas like this is merely a symptom of the youth of the technology rather than a lack of meaningful desire to make things better. But until things improve, it's going to be far too easy to write containers off as a "convenient, cheap, secure: choose two"tradeoff. That's not a winning strategy.
Garrett: Linux Container Security

On his blog, Christian Schaller announcedthe availability of videos from the recently completed GStreamer Conference. "For those of you who like me missed this years GStreamer Conference the recorded talks are now available online thanks to Ubicast. Ubicast has been a tremendous partner for GStreamer over the years making sure we have high quality talk recordings online shortly after the conference ends. So be sure to check out this years batch of great GStreamer talks."
Schaller: GStreamer Conference 2014 talks online

Ubuntu has announced its latest release: 14.10 "Utopic Unicorn". As usual, it comes with versions for server, desktop, and cloud, along with multiple official "flavors": Kubuntu, Lubuntu, Mythbuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio, and Xubuntu. All of the varieties come with a 3.16 kernel and many more new features: "Ubuntu Desktop has seen incremental improvements, with newer versions of GTK and Qt, updates to major packages like Firefox and LibreOffice, and improvements to Unity, including improved High-DPI display support. Ubuntu Server 14.10 includes the Juno release of OpenStack, alongside deployment and management tools that save devops teams time when deploying distributed applications - whether on private clouds, public clouds, x86 or ARM servers, or on developer laptops. Several key server technologies, from MAAS to Ceph, have been updated to new upstream versions with a variety of new features."More information can be found in the release notes.
Ubuntu 14.10 (Utopic Unicorn) released

Fedorahas updated java-1.7.0-openjdk(F19: multiple vulnerabilities) and php(F20: three vulnerabilities). Mandrivahas updated php(BS1.0: code execution). Oraclehas updated java-1.8.0-openjdk(OL6: multiple vulnerabilities) and wireshark(OL5: multiple vulnerabilities). Red Hathas updated openstack-glance(OSP4: denial of service), openstack-heat(OSP4: information leak), openstack-keystone(OSP4: two vulnerabilities), openstack-neutron(OSP4: denial of service), openstack-nova(OSP4: privilege escalation), openstack-packstack(OSP4: unexpected firewall disable), and python-backports-ssl_match_hostname(OSP4: denial of service from 2013). Scientific Linuxhas updated java-1.6.0-openjdk(multiple vulnerabilities), java-1.7.0-openjdk(SL7, SL6; SL5: multiple vulnerabilities), libxml2(SL7, SL6: denial of service), openssh(SL6: two vulnerabilities), rsyslog5 and rsyslog(SL6, SL5: denial of service), trousers(SL6: denial of service from 2012), and wireshark(SL7, SL6; SL5: multiple vulnerabilities). SUSEhas updated kernel(SLE11SP3; SLE11SP3: multiple vulnerabilities, one from 2013). Ubuntuhas updated openjdk-7(14.04: multiple vulnerabilities) and pollinate(14.04: certificate refresh).
Security updates for Thursday

Here's a lengthy ars technica retrospectiveon Ubuntu's first ten years. "As you'll soon see in this look at the desktop distro through the years, Linux observers sensed there was something special about Ubuntu nearly from the start. However, while a Linux OS that genuinely had users in mind was quickly embraced, Ubuntu's ten-year journey since is a microcosm of the major Linux events of the last decade?encompassing everything from privacy concerns and Windows resentment to server expansion and hopes of convergence."
Ten years of Ubuntu (ars technica)

The Weekly Edition for October 23, 2014 is available.
[$] Weekly Edition for October 23, 2014

In a talk entitled "Lies, Damned Lies, and Remotely Hosted Encrypted Data", Kolab Systems CEO Georg Greve outlined the thinking and investigation that the company did before deciding on where to store its customers' encrypted data. The talk, which was given at LinuxCon Europein Düsseldorf, Germany, looked at various decisions that need to be made when determining where and how to store data on the internet. It comes down to a number of factors, including the legal framework of the country in question and physical security for the systems storing the data.
[$] Where to store your encrypted data

CentOShas updated libxml2(C7: denial of service), qemu-kvm(C7: information leak), rsyslog(C5: denial of service), and wireshark(C7; C5: multiple vulnerabilities). Fedorahas updated bugzilla(F20; F19: multiple vulnerabilities), java-1.8.0-openjdk(F19: multiple vulnerabilities), and perl-Mojolicious(F20; F19: parameter injection attack). openSUSEhas updated getmail(13.1, 12.3: multiple vulnerabilities) and wpa_supplicant(13.1; 12.3: command execution). Oraclehas updated kernel(OL6: multiple vulnerabilities), rsyslog(OL6: denial of service), rsyslog7(OL6: denial of service), and wireshark(OL7; OL6: multiple vulnerabilities). Red Hathas updated wireshark(RHEL6,7; RHEL5: multiple vulnerabilities).
Security advisories for Wednesday

[Thomas Gleixner]In a followup to last year's report on the future of realtime Linux, Thomas Gleixner once again summarized the status of the long-running patch set. The intervening year did not result in the industry stepping up to fund further work, which led Gleixner to declare that realtime Linux is now just his hobby. That means new releases will be done as his time allows and may eventually lead to dropping the patch set altogether if the widening gap between mainline and realtime grows too large. Subscribers can click below for the full report of Gleixner's talk at this year's Linux Plumbers Conference.
[$] The future of the realtime patch set

Debianhas updated mysql-5.5(multiple vulnerabilities). Mandrivahas updated bugzilla(multiple vulnerabilities), kernel(multiple vulnerabilities), mediawiki(cross-site scripting), perl(denial of service), python(buffer overflow), and rsyslog(two vulnerabilities). Oraclehas updated qemu-kvm(OL7: information leak) and rsyslog5(OL5: denial of service). Red Hathas updated qemu-kvm(RHEL7: information leak) and rsyslog(RHEL5,6: denial of service). Scientific Linuxhas updated qemu-kvm(SL7: information leak). Slackwarehas updated openssh(SSHFP-checking disabled).
Tuesday's security updates

Version 24.4 of the Emacs editor is out. New features this time around include a built-in web browser (unfortunately named "eww"), better multi-monitor support, the ability to save and restore the state of frames and windows, digital signatures on Emacs Lisp packages, access control list support, and much more. See the NEWS filefor all the details.
Emacs 24.4 released

The Debian Project recently learned that community member Peter Miller died last July. "Peter was a relative newcomer to the Debian project, but his contributions to Free and Open Source Software goes back the the late 1980s. Peter was significant contributor to GNU gettext as well as being the main upstream author and maintainer of other projects that ship as part of Debian, including, but not limited to srecord, aegis and cook. Peter was also the author of the paper "Recursive Make Considered Harmful"."
Debian Project mourns the loss of Peter Miller

Node.js qs Module Denial of Service Vulnerability
Vuln: Node.js qs Module Denial of Service Vulnerability

systemd-shim Local Denial of Service Vulnerability
Vuln: systemd-shim Local Denial of Service Vulnerability

Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability
Vuln: Microsoft Windows CVE-2014-6352 OLE Remote Code Execution Vulnerability

GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability
Vuln: GNU glibc '__gconv_translit_find()' Function Local Heap Based Buffer Overflow Vulnerability

[ MDVSA-2014:209 ] java-1.7.0-openjdk
Bugtraq: [ MDVSA-2014:209 ] java-1.7.0-openjdk

[ MDVSA-2014:208 ] phpmyadmin
Bugtraq: [ MDVSA-2014:208 ] phpmyadmin

[ MDVSA-2014:207 ] ejabberd
Bugtraq: [ MDVSA-2014:207 ] ejabberd

[ MDVSA-2014:206 ] ctags
Bugtraq: [ MDVSA-2014:206 ] ctags

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus