Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
The 4.1-rc1prepatch is out. Linus says: "No earth-shattering new features come to mind, even if initial support for ACPI on arm64 looks funny. Depending on what you care about, your notion of 'big new feature' may differ from mine, of course. There's a lot of work all over, and some of it might just make a big difference to your use cases."What he doesn't mention is that, in the end, kdbus was not merged for this development cycle.
Kernel prepatch 4.1-rc1

Debian 8, codenamed "Jessie", has been released. It comes with a wide array of upgraded packages including GNOME 3.14, KDE Plasma Workspaces and KDE Applications 4.11.13, Python 2.7.9 and 3.4.2, Perl 5.20.2, PHP 5.6.7, PostgreSQL 9.4.1, MariaDB 10.0.16 and MySQL 5.5.42, Linux 3.16.7-ctk9, and lots more. "With this broad selection of packages and its traditional wide architecture support, Debian once again stays true to its goal of being the universal operating system. It is suitable for many different use cases: from desktop systems to netbooks; from development servers to cluster systems; and for database, web, or storage servers. At the same time, additional quality assurance efforts like automatic installation and upgrade tests for all packages in Debian's archive ensure that "Jessie"fulfills the high expectations that users have of a stable Debian release."
Debian 8 "Jessie"released

The Rust blog has posted a guideto using Rust's foreign function interface (FFI) with C code. Highlighted in particular are Rust's safe abstractions, which are said to impose no costs. "Most features in Rust tie into its core concept of ownership, and the FFI is no exception. When binding a C library in Rust you not only have the benefit of zero overhead, but you are also able to make it safer than C can! Bindings can leverage the ownership and borrowing principles in Rust to codify comments typically found in a C header about how its API should be used."
Rust Once, Run Everywhere

Arch Linuxhas updated powerdns(denial of service) and powerdns-recursor(denial of service). Debian-LTShas updated subversion(multiple vulnerabilities). Fedorahas updated lcms(F20: denial of service) and php(F21: multiple vulnerabilities). Mageiahas updated chromium-browser-stable(M4: multiple vulnerabilities), chrony(M4: multiple vulnerabilities), lftp(M4: SSL server spoofing), libksba(M4: denial of service), ntop(M4: cross-site scripting), setup(M4: information disclosure), and t1utils(M4: multiple vulnerabilities). openSUSEhas updated firefox(13.1; 13.2: code execution) and socat(13.1: denial of service). Oraclehas updated kernel(kernel 3.8.18 (O6, O7); kernel 2.6.39 (O5, O6); kernel 2.6.32 (O5, O6): multiple vulnerabilities). Red Hathas updated novnc(RHEL OSP4: VNC session hijacking). Ubuntuhas updated firefox(code execution), usb-creator(12.04, 14.04, 14.10; 15.04: privilege escalation), and wpa_supplicant(14.04, 14.10: code execution).
Friday's security updates

The Ubuntu 15.04 release is out. "Ubuntu Server 15.04 includes the Kilo release of OpenStack, alongside deployment and management tools that save devops teams time when deploying distributed applications - whether on private clouds, public clouds, x86 or ARM servers, or on developer laptops. Several key server technologies, from MAAS to Ceph, have been updated to new upstream versions with a variety of new features. This release also includes the first release of snappy Ubuntu Core, a new distribution model based on transactional updates."LWN looked at Snappyin January.
Ubuntu 15.04 (Vivid Vervet) released

Ars Technica reportson a wpa_supplicant bugthat might leave Linux and other systems open to remote code execution. "That's because the code fails to check the length of incoming SSID information and writes information beyond the valid 32 octets of data to memory beyond the range it was allocated. SSID information 'is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets,' [wpa_supplicant maintainer Jouni] Malinen wrote, and the code 'was not sufficiently verifying the payload length on one of the code paths using the SSID received from a peer device. This can result in copying arbitrary data from an attacker to a fixed length buffer of 32 bytes (i.e., a possible overflow of up to 223 bytes). The overflow can override a couple of variables in the struct, including a pointer that gets freed. In addition, about 150 bytes (the exact length depending on architecture) can be written beyond the end of the heap allocation.'"
Wi-Fi software security bug could leave Android, Windows, Linux open to attack (Ars Technica)

Arch Linuxhas updated glibc(code execution). Fedorahas updated chrony(F21: three vulnerabilities), gnupg2(F20: denial of service), java-1.7.0-openjdk(F20: unspecified), java-1.8.0-openjdk(F21: unspecified), kernel(F21; F20: denial of service), ntp(F20: two vulnerabilities), python(F20: denial of service from 2013), spatialite-tools(F21: three vulnerabilities), and sqlite(F21: three vulnerabilities). Oraclehas updated kvm(OL5: two vulnerabilities).
Security updates for Thursday

The Weekly Edition for April 23, 2015 is available.
[$] Weekly Edition for April 23, 2015

Few readers will have failed to notice by now that the attempted merging of the kdbus interprocess communication system into the 4.1 kernel has failed to go as well as its proponents would have liked. As of this writing, the discussion continues and nothing has been merged. This article constitutes an attempt to derive a bit of light from the massive amounts of heat that have been generated so far, with a specific focus on the issue of metadata and capabilities.
[$] The kdbuswreck introducesSourcegraph. "Sourcegraph is a code search engine and browsing tool that semantically indexes all the open source code available on the web. You can search for code by repository, package, or function and click on fully linked code to read the docs, jump to definitions, and instantly find usage examples. And you can do all of this in your web browser, without having to configure any editor plugin."
Sourcegraph: A free code search tool for open source developers (

Arch Linuxhas updated firefox(code execution). CentOShas updated kernel(C6: multiple vulnerabilities), kvm(C5: two vulnerabilities), and qemu-kvm(C6: privilege escalation). Debianhas updated curl(multiple vulnerabilities) and subversion(two vulnerabilities). Debian-LTShas updated wireshark(multiple vulnerabilities). Fedorahas updated ceph-deploy(F21: information leak), firefox(F20: multiple vulnerabilities), libzip(F21; F20: code execution), mingw-gnutls(F21: denial of service), mingw-libtasn1(F21; F20: denial of service), openstack-neutron(F20: denial of service), python-virtualenv(F21; F20: insecure software download), qt5-qtwebkit(F21; F20: denial of service), and qtwebkit(F21; F20: denial of service). openSUSEhas updated Chromium(13.2, 13.1: multiple vulnerabilities). Oraclehas updated glibc(OL6: two vulnerabilities), kernel(OL6: multiple vulnerabilities), and qemu-kvm(OL6: privilege escalation). Red Hathas updated kernel(RHEL5.9: privilege escalation), kvm(RHEL5: two vulnerabilities), and qemu-kvm(RHEL6: privilege escalation). Scientific Linuxhas updated kernel(SL6: multiple vulnerabilities), kvm(SL5: two vulnerabilities), and qemu-kvm(SL6: privilege escalation). Slackwarehas updated bind(denial of service), gnupg(multiple vulnerabilities), httpd(multiple vulnerabilities), libssh(two vulnerabilities), firefox(multiple vulnerabilities), thunderbird(multiple vulnerabilities), mutt(denial of service), ntp(two vulnerabilities), openssl(multiple vulnerabilities), php(multiple vulnerabilities), ppp(two vulnerabilities), proftpd(unauthenticated copying of files), qt(multiple vulnerabilities), and seamonkey(multiple vulnerabilities). SUSEhas updated mariadb(SLE12: multiple vulnerabilities).
Security advisories for Wednesday

Version 5.1 of the GNU Compiler Collection is out. "GCC 5.1 is a major release containing substantial new functionality not available in GCC 4.9.x or previous GCC releases."Some of that new functionality includes full C++14 language support, quite a few optimization improvements, partial OpenACCsupport, OpenMP 4.0 support, an experimental JIT library, and more; see the changelogfor details.
GCC 5.1 released

The Daily Dot reportsthat the Tor project is receiving some funding from the US Defense Advanced Research Projects Agency (DARPA) to improve Tor's hidden services. "The Dark Net road map moving forward is ambitious. Tor plans to double the encryption strength of hidden service?s identity key and to allow offline storage for that key, a major security upgrade. Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites."
How Tor is building a new Dark Net with help from the U.S. military (The Daily Dot)

Fedora 22 Beta has been released. It comes in Workstation, Server, and Cloud editions, as well as several spins. This version replaces yum with DNF for package management, as discussed in this recent LWN article. The Cloud edition features the latest versions of rpm-ostree and rpm-ostree-toolbox and introduces the Atomic command line tool. The Server edition features a new database server role based on PostgreSQL, an updated Cockpit, and XFS as the default filesystem. The Workstation product has also seen a number of enhancements and improvements, including a redesigned GNOME Shell notification system, transitional Wayland support, and much more.
Announcing the release of Fedora 22 Beta

Arch Linuxhas updated jdk8-openjdk(multiple vulnerabilities), jre8-openjdk(multiple vulnerabilities), jre8-openjdk-headless(multiple vulnerabilities), and tcpdump(denial of service). CentOShas updated glibc(C6: two vulnerabilities). Debian-LTShas updated python-django-markupfield(information leak). Red Hathas updated glibc(RHEL6: two vulnerabilities) and kernel(RHEL6: multiple vulnerabilities). Scientific Linuxhas updated glibc(SL6: two vulnerabilities). SUSEhas updated Real Time Linux Kernel(SLERTE11 SP3: multiple vulnerabilities). Ubuntuhas updated mysql-5.5(14.10, 14.04, 12.04: multiple vulnerabilities), openjdk-6(12.04, 10.04: multiple vulnerabilities), openjdk-7(14.10, 14.04: multiple vulnerabilities), and php5(14.10, 14.04, 12.04, 10.04: multiple vulnerabilities).
Tuesday's security updates

GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability
Vuln: GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability

Linux Kernel CVE-2014-3687 Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2014-3687 Denial of Service Vulnerability

Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities
Vuln: Linux Kernel 'trace_syscalls.c' Multiple Local Denial of Service Vulnerabilities

Linux Kernel 'espfix64' Local Denial of Service Vulnerability
Vuln: Linux Kernel 'espfix64' Local Denial of Service Vulnerability

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367
Bugtraq: TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325
Bugtraq: TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325

Facebook BB #18 - IDOR Issue & Privacy Vulnerability
Bugtraq: Facebook BB #18 - IDOR Issue &Privacy Vulnerability

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability
Bugtraq: Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus