Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
Arch Linuxhas updated firefox(multiple vulnerabilities). CentOShas updated firefox(C5; C6; C7: multiple vulnerabilities) and thunderbird(C5; C6; C7: multiple vulnerabilities). Debian-LTShas updated openjdk-6(multiple vulnerabilities) and zendframework(XML External Entity attack). Fedorahas updated maradns(F21; F22: denial of service), openssh(F21: multiple vulnerabilities), php-guzzle-Guzzle(F21; F22: XML External Entity attack), php-twig(F22: code execution), php-ZendFramework2(F21; F22: XML External Entity attack), rt(F21; F22: cross-site scripting), and rubygem-rack(F21: denial of service). Mageiahas updated drupal(M4,5: multiple vulnerabilities), python-django, python-django14(M4,5: multiple vulnerabilities), subversion(M4,5: multiple vulnerabilities), thunderbird(M4,5: multiple vulnerabilities), and vlc(M4,5: code execution). Oraclehas updated firefox(O5; O6; O7: multiple vulnerabilities). Red Hathas updated firefox(RHEL: multiple vulnerabilities). SUSEhas updated MozillaFirefox, mozilla-nss(SLE11: multiple vulnerabilities). Ubuntuhas updated cups-filters(15.04: unintended printer access) and firefox(12.04, 14.04, 15.04: multiple vulnerabilities).
Friday's security updates

The Electronic Frontier Foundation has announcedthe recipients of its Pioneer Awards for 2015: Caspar Bowden, The Citizen Lab, Annriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra. "This extraordinary group of winners have all focused on the users, striving to give everyone the access, power, community, and protection they need in order to create and participate in our digital world."
The 2015 EFF Pioneer Awards

KDE.News looks at KDE sprintsand their benefits. The organization is doing some fundraisingto help support its sprints, so it is trying get the word out about these code-focused events: "To start with, KDE sprints are intensive sessions centered around coding. They take place in person over several days, during which time skillful developers eat, drink and sleep code. There are breaks to refresh and gain perspective, but mostly sprints involve hard, focused work. All of this developer time and effort is unpaid. However travel expenses for some developers are covered by KDE. KDE is a frugal organization with comparatively low administrative costs, and only one paid person who works part time. So the money donated for sprints goes to cover actual expenses. Who gets the money? Almost all of it goes to transportation companies."
KDE Sprints - who wins? (KDE.News)

Debianhas updated php5(multiple vulnerabilities). Debian-LTShas updated pykerberos(authentication botch) and python-django(two vulnerabilities). Fedorahas updated mariadb(F21: unspecified). Mageiahas updated cgit(code execution from 2014). Ubuntuhas updated qemu, qemu-kvm(multiple vulnerabilities, including one from 2014).
Security updates for Thursday

The developers of the Grsecurity kernel-hardening patch set have announcedthat, due to claimed ongoing GPL and trademark violations, the public distribution of the "stable"series of patches will stop. "We decided that it is unfair to our sponsors that the above mentioned unlawful players can get away with their activity. Therefore, two weeks from now, we will cease the public dissemination of the stable series and will make it available to sponsors only. The test series, unfit in our view for production use, will however continue to be available to the public to avoid impact to the Gentoo Hardened and Arch Linux communities."
Grsecurity stable patches to be limited to sponsors

The Weekly Edition for August 27, 2015 is available.
[$] Weekly Edition for August 27, 2015

Arch Linuxhas updated gnutls(denial of service), jasper(denial of service), pcre(code execution), and python-django(denial of service). CentOShas updated httpd(C7: two vulnerabilities) and mariadb(C7: multiple vulnerabilities). Debianhas updated twig(code execution). Debian-LTShas updated ruby1.8(information disclosure) and ruby1.9.1(information disclosure). Mageiahas updated gnutls(MG4,5: two vulnerabilities), vlc(MG5: code execution), and wireshark(MG4,5: multiple vulnerabilities). Oraclehas updated thunderbird(OL7; OL6: multiple vulnerabilities). Ubuntuhas updated gdk-pixbuf(15.04, 14.04, 12.04: code execution).
Security updates for Wednesday

[Hershey font sample]At the 2015 edition of TypeConin Denver, Adobe's Frank Grie▀hammer presented his work reviving the famous Hershey fontsfrom the Mid-Century era of computing. The original fonts were tailor-made for early vector-based output devices but, although they have retained a loyal following (often as a historical curiosity), they have never before been produced as an installable digital font.
[$] Reviving the Hershey fonts

Version 1.5 of the Go languagehas been released. "This release includes significant changes to the implementation. The compiler tool chain was translated from C to Go, removing the last vestiges of C code from the Go code base. The garbage collector was completely redesigned, yielding a dramatic reduction [PDF]in garbage collection pause times. Related improvements to the scheduler allowed us to change the default GOMAXPROCSvalue (the number of concurrently executing goroutines) from 1 to the number of available CPUs. Changes to the linker enable distributing Go packages as shared libraries to link into Go programs, and building Go packages into archives or shared libraries that may be linked into or loaded by C programs (design doc)."
Go 1.5 released wishes Linuxa happy 24th birthday, with a brief timeline of Linux history. "There's some debate in the Linux community as to whether we should be celebrating Linux's birthday today or on October 5 when the first public release was made, but Linus says he is O.K. with you celebrating either one, or both! So as we say happy birthday, let's take a quick look back at the years that have passed and how far we have come."
Happy 24th birthday, Linux kernel (

KDE has releasedPlasma 5.4 with some new features. "This release of Plasma brings many nice touches for our users such as much improved high DPI support, KRunner auto-completion and many new beautiful Breeze icons. It also lays the ground for the future with a tech preview of Wayland session available. We're shipping a few new components such as an Audio Volume Plasma Widget, monitor calibration tool and the User Manager tool comes out beta."
KDE Ships Plasma 5.4.0, Feature Release for August

CentOShas updated httpd(C6: denial of service) and nss(C5: two vulnerabilities). Oraclehas updated httpd(OL7; OL6: denial of service), mariadb(OL7: multiple unspecified vulnerabilities), and nss(OL5: two vulnerabilities). Red Hathas updated httpd(RHEL7; RHEL6: HTTP request smuggling), httpd24-httpd(RHSCL2: multiple vulnerabilities), libunwind(RHELOSP6: buffer overflow), mariadb(RHEL7: multiple vulnerabilities), nss(RHEL5: two vulnerabilities), openstack-neutron(RHELOSP6: denial of service), openstack-swift(RHELOSP6; RHELOSP5: arbitrary object deletion), python-django(RHELOSP6; RHELOSP5: denial of service), python-django-horizon(RHELOSP6: cross-site scripting), python-keystoneclient(RHELOSP6; RHELOSP5: two vulnerabilities), qemu-kvm-rhev(RHELOSP6; RHELOSP5: information leak), redis(RHELOSP6: code execution), and thunderbird(RHEL5,6,7: multiple vulnerabilities). Scientific Linuxhas updated httpd(SL7; SL6: denial of service), mariadb(SL7: multiple vulnerabilities), nss(SL5: two vulnerabilities), and thunderbird(SL5,6,7: multiple vulnerabilities). Ubuntuhas updated thunderbird(15.04, 14.04, 12.04: multiple vulnerabilities).
Tuesday's security updates has an interview with Dustin Kirklandof Canonical's Ubuntu Product and Strategy team, about Ubuntu on the mainframe and more. "Canonical is doing a lot of different things in the enterprise space, to solve different problems. One of the interesting works going on at Canonical is Fan networking. We all know that the world is running out of IPv4 addresses (or already has). The obvious solution to this problem is IPv6, but it?s not universally available. Kirkland said, "There are still places where IPv6 doesn't exist -- little places like Amazon web services where you end up finding lots of containers."The problem multiplies as many instances in cloud need IP addresses. "Each of those instances can run hundreds of containers, each of those containers then needs to be addressable,"said Kirkland."
Ubuntu on the Mainframe: Interview with Canonical's Dustin Kirkland (

Debian-LTShas updated extplorer(cross-site scripting), roundup(multiple vulnerabilities), and wesnoth-1.8(information leak). Mageiahas updated libcryptopp(MG4,5: information disclosure), mediawiki(MG4,5: multiple vulnerabilities), openssh(MG4,5: multiple vulnerabilities), php(MG5; MG4: multiple vulnerabilities), and x11-server(MG5: permission bypass). openSUSEhas updated wireshark(13.2: multiple vulnerabilities) and xfsprogs(13.2, 13.1: information disclosure). Red Hathas updated rh-ruby22-ruby(RHSCL2: DNS hijacking). Slackwarehas updated gnutls(denial of service). SUSEhas updated glibc(SLE11SP3,4: multiple vulnerabilities) and kvm(SLE11SP2: two vulnerabilities).
Security advisories for Monday

In the end, Linus decided to hold off one more week and release 4.2-rc8instead of the final 4.2 kernel. "It's not like there are any real outstanding issues, and I waffled between just doing the release and doing another -rc. But we did have another low-level x86 issue come up this week, and together with the fact that a number of people are on vacation, I decided that waiting an extra week isn't going to hurt. But it was close. It's a fairly small rc8, and I really feel like it could have gone either way."
Kernel prepatch 4.2-rc8

SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness
Vuln: SSL/TLS RC4 CVE-2015-2808 Information Disclosure Weakness

Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write Vulnerability
Vuln: Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write Vulnerability

Linux Kernel 'perf_callchain_user_64()' Function Denial of Service Vulnerability
Vuln: Linux Kernel 'perf_callchain_user_64()' Function Denial of Service Vulnerability

Adobe Flash Player and AIR APSB15-19 Multiple Use After Free Remote Code Execution Vulnerabilities
Vuln: Adobe Flash Player and AIR APSB15-19 Multiple Use After Free Remote Code Execution Vulnerabilities

Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
Bugtraq: Re: UAC Bypass Vulnerability on "Windows 7"in Windows Script Host

[SECURITY] [DSA 3344-1] php5 security update
Bugtraq: [SECURITY] [DSA 3344-1] php5 security update

[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information

UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
Bugtraq: UAC Bypass Vulnerability on "Windows 7"in Windows Script Host

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus