Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
O'Reilly has posted an excerpt from Puppet best practices, an upcoming book about the Puppet system configuration tool. It's a good place to look for those wanting an introduction to how Puppet works. "Puppet can be somewhat alien to technologists who have a background in automation scripting. Where most of our scripts scripts are procedural, Puppet is declarative. While a declarative language has many major advantages for configuration management, it does impose some interesting restrictions on the approaches we use to solve common problems."
The Puppet design philosophy (O'Reilly)

David Tschumperlé has posted an extensive summary of his work on G'MIC, an image-processing tool. One of those projects was comic colorization: "The idea is very simple: Instead of forcing the artist to do all the colorization job by himself, we just ask him to put some colored key-points here and here, inside the different image regions to fill-in. Then, the algorithm tries to guess a probable colorization of the drawing, by analyzing the contours in the image and by interpolating the given colored key-points with respect to these contours."(LWN looked at G'MICin August 2014).
Tschumperlé: My latest ten months working on G?MIC

NetworkWorld takes a lookat two VMWare projects that are aimed at running containers inside the VM. "VMware has created Photon as an OS that can run in vSphere. VMware says it?s a ?lightweight? Linux OS that has only the basic elements required to package applications in containers and run them inside virtual machines. Because of its minimalist feature set, Project Photon is meant to boot up quickly, which is a key advantage of using containers. Project Photonsupports many container image platforms, including those from Docker (which is both an open source container runtime and the name of the company that is commercializing it), as well as container images from CoreOS (called ?rkt?) and Pivotal (named ?Garden?)."VMWare also announced a beta version of Project Lightwave, "which is an identity and access management tool meant to provide an extra security layer for containers."
VMware just created its first Linux OS, and it?s container-friendly (NetworkWorld)

New stable kernel updates have been released for 3.19.5, 3.14.39, and 3.10.75. All of them contain important fixes throughout the tree.
Stable kernel updates

Arch Linuxhas updated chromium(multiple vulnerabilities), flashplugin(multiple vulnerabilities), jdk7-openjdk(multiple vulnerabilities), jre7-openjdk(multiple vulnerabilities), and jre7-openjdk-headless(multiple vulnerabilities). Debianhas updated django-markupfield(information leak) and mysql-5.5(multiple vulnerabilities). Debian-LTShas updated file(memory leak), openldap(multiple vulnerabilities), ppp(denial of service), and wesnoth-1.8(information leak). Fedorahas updated gnupg2(F21: double-free issue), groovy-sandbox(F21: privilege escalation), jenkins(F21: multiple vulnerabilities), jenkins-matrix-project-plugin(F21: privilege escalation), jenkins-script-security-plugin(F21: privilege escalation), knot(F21; F20: multiple vulnerabilities), libtasn1(F21; F20: denial of service), mediawiki(F21; F20: multiple vulnerabilities), owncloud(F21; F20: multiple vulnerabilities), perl-DBD-Firebird(F21; F20: buffer overflow), perl-Module-Signature(F21; F20: multiple vulnerabilities), perl-Test-Signature(F21; F20: multiple vulnerabilities), php-symfony(F21; F20: two vulnerabilities), postgis(F21: multiple vulnerabilities), python(F21: denial of service), rest(F21; F20: denial of service), tcpdump(F20: multiple vulnerabilities), and tor(F21; F20: denial of service). Mageiahas updated perl-DBD-Firebird(buffer overflow), perl-Module-Signature(multiple vulnerabilities), and potrace(denial of service). openSUSEhas updated xen(13.1: multiple vulnerabilities). Red Hathas updated java-1.6.0-sun(RHEL5,6,7: multiple vulnerabilities) and java-1.7.0-oracle(RHEL5,6,7: multiple vulnerabilities).
Security advisories for Monday

Version 4.0of the Ardour audio editing system is available. This release features Windows support, more flexible audio support (JACK is no longer required), a lot of user-interface work, and official OS X and Windows support.
Ardour 4.0 released

PacketFenceis a free network access control system; the 5.0 releaseis now available. Changes include a new active clustering mode, better device fingerprinting, better performance monitoring, the elimination of plaintext passwords, and more.
PacketFence 5.0 released

At his blog, Christian Schaller announcesthat Red Hat has joined the Khronos Group, the consortium behind (among other things) the OpenGL standard. Schaller notes that "the reason we are joining is because of all the important changes that are happening in Graphics and GPU compute these days and our wish to have more direct input of the direction of some of these technologies. Our efforts are likely to focus on improving the OpenGL specification by proposing some new extensions to OpenGL, and of course providing input and help with moving the new Vulkanstandard forward."
Schaller: Red Hat joins Khronos

Arch Linuxhas updated php(multiple vulnerabilities). Debian-LTShas updated tzdata(unspecified vulnerability). Gentoohas updated adobe-flash(multiple vulnerabilities) and xorg-server(multiple vulnerabilities). openSUSEhas updated icecast(13.1, 13.2:denial of service) and ntop(13.1, 13.2: cross-site scripting). Red Hathas updated java-1.8.0-oracle(RHEL6,7: multiple vulnerabilities), novnc(RHEL6 OSP; RHEL7 OSP: VNC session hijacking), openstack-foreman-installer(RHEL6 OSP: root command execution), openstack-glance(RHEL6 OSP; RHEL7 OSP: denial of service), openstack-nova(RHEL6 OSP; RHEL7 OSP: multiple vulnerabilities), openstack-packstack, openstack-puppet-modules(RHEL6 OSP; RHEL7 OSP: root command execution), openstack-swift(RHEL6 OSP; RHEL7 OSP: metadata constraint bypass), python-django-horizon, python-django-openstack-auth(RHEL6 OSP; RHEL7 OSP: denial of service), and redhat-access-plugin-openstack(RHEL6 OSP; RHEL7 OSP: information disclosure). Ubuntuhas updated apport(14.04, 14.10: privilege escalation).
Friday's security updates

It has been roughly a year and a half since the last release of the GNU Hurdoperating system, so it may be of interest to some readers that GNU Hurd 0.6 has been released along with GNU Mach 1.5(the microkernel that Hurd runs on) and GNU MIG 1.5(the Mach Interface Generator, which generates code to handle remote procedure calls). New features include procfs and random translators; cleanups and stylistic fixes, some of which came from static analysis; message dispatching improvements; integer hashing performance improvements; a split of the init server into a startup server and an init program based on System V init; and more. "GNU Hurd runs on 32-bit x86 machines. A version running on 64-bit x86 (x86_64) machines is in progress. Volunteers interested in ports to other architectures are sought; please contact us (see below) if you'd like to help. To compile the Hurd, you need a toolchain configured to target i?86-gnu; you cannot use a toolchain targeting GNU/Linux. Also note that you cannot run the Hurd "in isolation": you'll need to add further components such as the GNU Mach microkernel and the GNU C Library (glibc), to turn it into a runnable system."
GNU Hurd 0.6 released

On his blog, Josh Boyer looksat the choice of the 4.0 kernel for Fedora 22. While the underpinnings of the live kernel patching feature have been merged, even when it is fully operational it is probably not something that Fedora (and perhaps other distributions) will use often (or at all). "In reality, we might not ever really leverage the live patching functionality in Fedora itself. It is understandable that people want to patch their kernel without rebooting, but the mechanism is mostly targeted at small bugfixes and security patches. You cannot, for example, live patch from version 4.0 to 4.1. Given that the Fedora kernel rebases both from stable kernel (e.g. 3.19.2 to 3.19.3) and major release kernels over the lifetime of a Fedora release, we don't have much opportunity to build the live patches."
Boyer: Fedora 22 and Kernel 4.0

Debianhas updated gst-plugins-bad0.10(code execution), inspircd(code execution from 2012), movabletype-opensource(code execution), and ppp(denial of service). Debian-LTShas updated ruby1.9.1(three vulnerabilities). Mageiahas updated java-1.7.0-openjdk(multiple vulnerabilities), mono(three SSL/TLS vulnerabilities), and python-dulwich(two code execution flaws). openSUSEhas updated flash-player(11.4: 45 vulnerabilities) and rubygem-rest-client(13.2, 13.1: plaintext password logging). Oraclehas updated java-1.6.0-openjdk(OL5: unspecified vulnerabilities) and java-1.7.0-openjdk(OL5: unspecified vulnerabilities). Red Hathas updated chromium-browser(RHEL6: multiple vulnerabilities), java-1.6.0-openjdk(RHEL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk(RHEL5; RHEL6&7: multiple vulnerabilities), and java-1.8.0-openjdk(RHEL6&7: multiple vulnerabilities). Scientific Linuxhas updated java-1.6.0-openjdk(SL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk(SL5; SL6&7: multiple vulnerabilities), and java-1.8.0-openjdk(SL6&7: multiple vulnerabilities). SUSEhas updated flash-player(SLE11SP3: 22 vulnerabilities).
Security updates for Thursday

The Weekly Edition for April 16, 2015 is available.
[$] Weekly Edition for April 16, 2015

[simple directed graph using fdp]In the first two installments in this series on plotting tools (which covered gnuplotand matplotlib), we introduced tools for creating plots and graphs, and used the terms interchangeably to refer to the typical scientific plot relating one set of quantities to another. In this article we use the term "graph"in its mathematical, graph-theorycontext, meaning a set of nodes connected by edges. There is a strong family resemblance among graph-theory graphs, flowcharts, and network diagrams—so much so that some of the same tools can be coerced into creating all of them. We will now survey several mature free-software systems for building these types of visualizations. At least one of these tools will likely be useful if you are ever in need of an automated way to diagram source-code interdependencies, make an organizational chart, visualize a computer network, or organize a sports tournament. We will start with a graphical charting tool and a flexible graphing system that can easily be called by other programs.
[$] Plotting tools for networks, part I

CentOShas updated java-1.6.0-openjdk(C7; C6; C5: multiple vulnerabilities), java-1.7.0-openjdk(C7; C6; C5: multiple vulnerabilities), and java-1.8.0-openjdk(C7; C6: multiple vulnerabilities). Debian-LTShas updated libvncserver(multiple vulnerabilities) and libx11(code execution). Mageiahas updated arj(multiple vulnerabilities), asterisk(SSL server spoofing), flash-player-plugin(multiple vulnerabilities), glusterfs(denial of service), librsync(file checksum collision), ntp(two vulnerabilities), qemu(denial of service), quassel(denial of service), shibboleth-sp(denial of service), socat(denial of service), tor(denial of service), and wesnoth(information leak). Oraclehas updated java-1.6.0-openjdk(OL6: multiple vulnerabilities), java-1.7.0-openjdk(OL6: multiple vulnerabilities), and java-1.8.0-openjdk(OL6: multiple vulnerabilities). Red Hathas updated flash-plugin(RHEL5,6 Supplementary: multiple vulnerabilities). SUSEhas updated Adobe Flash Player(SLEWE12, SLED12: multiple vulnerabilities).
Security advisories for Wednesday

OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability
Vuln: OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability

python-fedora Open Redirection and Cross Site Scripting Vulnerabilities
Vuln: python-fedora Open Redirection and Cross Site Scripting Vulnerabilities

Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities
Vuln: Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities

X.Org libFS 'FSOpenServer()' Memory Corruption Vulnerability
Vuln: X.Org libFS 'FSOpenServer()' Memory Corruption Vulnerability

PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability
Bugtraq: PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability

Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability
Bugtraq: Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability

Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability
Bugtraq: Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability

Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability
Bugtraq: Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus