Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
In May, we notedthe problems that GIMP and other free-software projects have encountered of late with the SourceForge project-hosting service. While there are plenty of alternative hosting providers to choose from, some developers will likely always prefer to self-host their projects—precisely because an outside service provider can make just such an abrupt or surprising about-face. Gogsis one option for those taking the self-hosting approach: it provides a web-based front-end to a GitHub-like hosting service. Gogs offers quite a few features, but its choice of GitHub-like qualities may not be to everyone's tastes.
[$] Self-hosting projects with Gogs

The ownCloud 8.1 releaseis out. "This release marks significant under the hood improvements, such as increasing scalability and performance of syncing and file operations while making ownCloud a better platform for developers to build upon. Security enhancements, integrated documentation links, more control in the admin panel over external storage, LDAP and encryption make ownCloud more secure and easier to use."See the release notesfor details.
ownCloud 8.1 released

Arch Linuxhas updated ntp(denial of service). CentOShas updated firefox(C7; C6; C5: multiple vulnerabilities). Debianhas updated cups-filters(code execution) and libwmf(code execution). Gentoohas updated exiv2(denial of service), icu(code execution), libvncserver(multiple vulnerabilities), libxml2(denial of service), sqlite(three vulnerabilities), tor(denial of service), and unrtf(code execution). Red Hathas updated abrt(RHEL6: multiple vulnerabilities) and kernel(RHEL6.4: privilege escalation). Ubuntuhas updated haproxy(15.04, 14.10: information leak), kernel(15.04; 14.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty(12.04: multiple vulnerabilities), linux-lts-utopic(14.04: multiple vulnerabilities), linux-lts-vivid(14.04: multiple vulnerabilities), and linux-ti-omap4(12.04: privilege escalation).
Security updates for Tuesday

Greg KH has released two new stable kernels; 3.14.47and 3.10.83. Both contain important fixes.
Stable kernel updates

Arch Linuxhas updated haproxy(information leak) and openssh(restriction bypass). Debianhas updated haproxy(information leak) and iceweasel(multiple vulnerabilities). Debian-LTShas updated aptdaemon(information leak) and virtualbox-ose(multiple vulnerabilities). Fedorahas updated ansible(F22; F21: two vulnerabilities), mariadb(F22: man-in-the-middle attack), pam(F21: denial of service), and trafficserver(F22; F21: several vulnerabilities). Gentoohas updated chrony(multiple vulnerabilities). Mageiahas updated chromium-browser(MG4,5: multiple vulnerabilities), coreutils(MG4: memory handling error), curl(MG5: information disclosure), filezilla(MG4,5: cipher-downgrade attacks), firefox(MG4,5: multiple vulnerabilities), libwmf(MG4,5: multiple vulnerabilities), mysql-connector-java(MG4: information disclosure), owncloud-client(MG4,5: man-in-the-middle attack), pam(MG4,5: denial of service), pcre(MG5: information leak), php(MG4: multiple vulnerabilities), polkit(MG4,5: multiple vulnerabilities), tidy(MG4: buffer overflow), and wireshark(MG5: denial of service). openSUSEhas updated php5(13.2, 13.1: multiple vulnerabilities) and phpMyAdmin(13.2, 13.1: three vulnerabilities). Scientific Linuxhas updated firefox(SL5,6,7: multiple vulnerabilities). SUSEhas updated OpenSSL(SLE11SP3; SLED11SP3, SLES10SP4; SLES11SP2; SLES10SP4: multiple vulnerabilities). Ubuntuhas updated cups-filters(15.04, 14.10, 14.04, 12.04: code execution) and php5(15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).
Security advisories for Monday

The 2015 Kernel Summit will be held October 26-28 in Seoul, South Korea; the call for discussion proposals is out now. Now would be a good time for those who would like to attend the Summit to come up with a good topic and get the discussion going. Proposals are due by July 31.
Kernel Summit 2015: Call for Proposals

Linus has released 4.2-rc1and closed the merge window for this development cycle. As Linus explains, 4.2 may, in the end, not end up being the development cycle with the most commits ever, but there is still a lot going on. "However, if you count the size in pure number of lines changed, this really seems to be the biggest rc we've ever had, with over a million lines added (and about a quarter million removed). That beats the previous champion (3.11-rc1) that was huge mainly due to Lustre being added to the staging tree."The source of the biggest chunk of those new lines is the new amdgpu graphics driver.
Kernel prepatch 4.2-rc1

Firefox 39 has been releasedfor both desktop and mobile systems. The new features include a social sharingtool for the Firefox Hellovideo chat subsystem. It is designed to make it easier to share Firefox Hello chat invitations over third-party social networks. In addition, Firefox's existing phishing-and-malware detection tool has been extended to cover downloads, support has been added for Unicode 8.0's multi-ethnic emoji characters, and there is improved support for the Accessible Rich Internet Applications (ARIA) standard.
Firefox 39 released

Arch Linuxhas updated firefox(multiple vulnerabilities) and wesnoth(information leak). Debianhas updated stunnel4(authentication bypass). Debian-LTShas updated libxml2(multiple vulnerabilities) and pykerberos(insecure authentication). Fedorahas updated drupal6(F21; F22: account hijacking) and drupal7(F21; F22: multiple vulnerabilities). openSUSEhas updated flash-player(11.4). Oraclehas updated firefox(O5; O6; O7: multiple vulnerabilities). Red Hathas updated firefox(RHEL: multiple vulnerabilities) and openstack-cinder(RHEL OSP: file disclosure). SUSEhas updated MySQL(SLE 11 SP3: cipher downgrade attack), ntp(SLE11 SP3: multiple vulnerabilities), and OpenSSL(SLE 10 Client Tools; SUSE Manager 11 SP2, Studio Onsite; SLE 11 SAP; SLE 11 SP1; SLE SM 11 SP3: multiple vulnerabilities).
Friday's security updates

CentOShas updated openssl(C5: three vulnerabilities). Debian-LTShas updated unattended-upgrades(improper package authentication).
Security advisories for Thursday

The Weekly Edition for July 2, 2015 is available.
[$] Weekly Edition for July 2, 2015

Ars Technica reportsthat the US Supreme Court rejected Google's appeal of the Google-Oracle API copyright dispute. "Despite the high court's inaction on the case, the Google-Oracle legal flap is far from resolved. That's because the appeals court sent the case back to the lower courts to determine whether Google's use of the code in Android?which it no longer uses?constitutes a "fair use."Oracle is seeking $1 billion in damages. "This is not the end of the road for this case?the Federal Circuit decision explicitly left open the possibility that the kinds of uses Google made were permissible under copyright's fair use doctrine,"said Charles Duan, the director of Public Knowledge's patent reform project."(Thanks to Martin Michlmayr)
Supreme Court won?t weigh in on Oracle-Google API copyright battle (Ars Technica)

DockerConon June 22 and 23 was a much bigger affair than CoreOSFestor ContainerCamp. DockerCon rented out the San Francisco Marriott for the event; the keynote ballroom seats 2000. That's a pretty dramatic change from the first DockerConlast year, with roughly 500 attendees; it shows the huge growth of interest in Linux containers. Or maybe, given that it's Silicon Valley, what you're seeing is the magnetic power of $95 million in round-C funding.Subscribers can click below for a report from DockerCon by guest author Josh Berkus.
[$] News and updates from DockerCon 2015

Debianhas updated jackrabbit(information leak). Debian-LTShas updated libcrypto++(information disclosure), libmodule-signature-perl(multiple vulnerabilities), and ruby1.9.1(denial of service). Fedorahas updated abrt(F21: multiple vulnerabilities), cups-x2go(F22: multiple vulnerabilities), elfutils(F22: hardening fixes), gnome-abrt(F21: multiple vulnerabilities), kernel(F21: denial of service), libreport(F21: multiple vulnerabilities), pam(F22: denial of service), and rubygem-activesupport(F22; F21: two vulnerabilities). Mageiahas updated apache-mod_jk(MG4: information disclosure), drupal(MG4,5: multiple vulnerabilities), libvpx(MG4,5: denial of service), p7zip(MG4,5: directory traversal), postgresql(MG4: multiple vulnerabilities), and python-tornado(MG4: side-channel attack). openSUSEhas updated p7zip(13.2, 13.1: directory traversal). Oraclehas updated openssl(OL5: multiple vulnerabilities). Scientific Linuxhas updated openssl(SL5: multiple vulnerabilities).
Security advisories for Wednesday

The Linux Foundation has announcedthe R Consortium. "The R language is used by statisticians, analysts and data scientists to unlock value from data. It is a free and open source programming language for statistical computing and provides an interactive environment for data analysis, modeling and visualization. The R Consortium will complement the work of the R Foundation, a nonprofit organization based in Austria that maintains the language. The R Consortium will focus on user outreach and other projects designed to assist the R user and developer communities. Founding companies and organizations of the R Consortium include The R Foundation, Platinum members Microsoft and RStudio; Gold member TIBCO Software Inc.; and Silver members Alteryx, Google, HP, Mango Solutions, Ketchum Trading and Oracle."
Linux Foundation Announces R Consortium

redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability
Vuln: redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability

Novius OS 'tab' parameter Local File Include Vulnerability
Vuln: Novius OS 'tab' parameter Local File Include Vulnerability

Oracle Java SE CVE-2015-0478 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-0478 Remote Security Vulnerability

Oracle Java SE CVE-2015-0470 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-0470 Remote Security Vulnerability

[security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information

[security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information

[security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information

[security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information
Bugtraq: [security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus