Issues on Linux and Security
button Other -->

mp3riot (formerly known as


I decided to rename into mp3riot. the reason is, that the name does not clearly indicate, for what the program is best suited for. Because the program has grown so much (and because the the name should be more attractive to get more users), a renaming seems to be a must to me.

There are some important news about mp3riot / f2htmlpl. Please see the NEWS for further details.


Mp3riot (formerly known as is a command line utility that searches recursively through directories, builds a file list (with additional file information), and generates html files, plylists, etc. The output can be controlled, links can be corrected, and more. The script is mainly desigend to create Web pages, playlists, and databases for mp3-files, but can also used for other purposes.

Read the manual for further details.

Main Features:

  • supports playlists in m3u, pls, and xml format
  • supports sql output
  • creates html pages, templates can be used
  • supports advanced grouping methods
  • supports slection by date ranges, file extensions, and by random
  • supports renaming of mp3 files using id3tag information, templates or guessing can be used
  • advanced string manipulation methods
  • and much more ...


Latest version:

Older versions of mp3riot /

For Windows-Users:

You can also download a windows executable compiled with perl2exe. Then you need not to install perl. But I have not testet the functionality of the executable in detail. So it is best to use perl and the source of mp3riot!

Windows binaries of mp3riot:


perl mp3riot [options]

  • -h, --help: Show this screen and exit
  • -k, --mkconf:Use an assistant to write a config file
  • -o, --os win/unix: Default "unix", otherwise windows
  • -Q, --sortby value: Default is NAME (the filename). You can sort the filelist by the following criteria: URLNAME, SHOWNAME, DIR, NAME, TITLE, ARTIST, ALBUM, YEAR, COMMENT, GENRE, TRACKNUM, SIZE, MODTIME, VBR, BITRATE, FREQUENCY, MINUTES, SECONDS, FIRSTCHAR
  • -n, --doublicates: Check for doublicates of files by their filename
  • -D, --md5doublicates: Check for doublicates of files by their MD5 sum
  • -V, --seekvalues <n,+-n,n>: Three values that have to be seperated by ",". This is an useful option for --md5doublicates. The first one is the offset in bytes, the second is the number of bytes to seek (and the direction), and the last value tells the program where to start from (1 means to start from the begining of a file, 2 means to start from the end of a file. So, a combination of 1000,-1128,2 tells the programm to start 1128 bytes before the file ends (id3v1 tag is 128 bytes long!) and use 1000 bytes for calculation of md5 sums.
  • -b, --dbfile file: Write database to a file for searching it
  • -m --m3u file: Write a m3u playlist file. Directory and filename or GROUPPATH for writing m3u files for groups.
  • -X --xml file: Write a xml playlist file. Directory and filename or GROUPPATH for writing xml files for groups.
  • -L --pls file: Write a pls playlist file. Directory and filename or GROUPPATH for writing pls files for groups.
  • -W, --b4s file: Write a b4s playlist file. Directory and filename or GROUPPATH for writing b4s files for groups.
  • -t, --html file: Write a html file. Directory and filename or GROUPPATH for writing html files for groups.
  • -a, --http name: Define the http address for url
  • -r, --remove: Remove id3tags (do you know what you are doing?)
  • -i, --mp3info: Use mp3/ogg info for html output
  • -e, --ext: Remove file extensions in html output
  • -f, --filesize: Use filesize for html output
  • -c, --check ext: Select files by their extension(s) (e.g. mp3). For every extension use a seperate flag!
  • -z, --skip number: Skip n elements of mount/directories/names
  • -p, --conf file: Use a config file
  • -w, --utf8 file: File with UTF-8 code for replacements in links
  • -q, --nocs: Do sorting not case sensitive
  • -j, --statfile file: Write statistics to file
  • -d, --dir directory: Define the (multiple) directory(ies) the mp3s are stored in. For every directory use a seperate flag!
  • -g, --sql file: Filename to store sql table in (only for mp3 and ogg!)
  • -y, --replace file: Name of replacement file; in the file use <string_1>=<string_2> to transform <string_1> into <string_2>; special characters like a backslash have to be preceeded by a backslash "\\" (used for directories)
  • -s, --seperate path: Write seperate html files for every character
  • -R, --rename: Renames mp3 and ogg file using their id3tag. The use of rename_template in the configfile is optional. If rename_template is not used, the program tries to create a filename like: ARTIST - ALBUM - TRACKNUMBER - TITLE by using the id3tag. It assumes, that the filenames have a similar format and tries to guess, whether the id3tag has enough information to create a better filename. Old and new filenames are stored in RENAME.bak
  • -B, --renameback: Renames files back using the file RENAME.bak
  • -T, --templatesHtml templates are used. They have to be defined in the conmfig file using the commands html_head, html_change, html_body, html_footer, html_sep_head. See the README for avalable templates!
  • -G, --groupfile file: Filename for grouping information: <groupname1>=<TYPE>=<string1>,<string2>,...
  • -P, --grouppath path: The path, where to write the html files for group
  • -O, --older number: Only files are selected, having a modification time higher than the specified days
  • -Y, --younger number: Only files are selected, having a modification time less than the specified days
  • -I, --id3tag: Use the id3 tag to get infos
  • -S, --random number: Percentage of file to select randomly (e.g. 50 to select 50% of files/every second file)
You can use nearly all commands in a config file (and it is the best to do it this way!). The syntax then changes sligthly, so that, for example, --dir changes to dir=
Additionally, in the config file it is possible to use the commands:
  • exec= param: Execute system command. This command can be used multiple times
  • rename_template=string:string with templates for renaming files by their id3tag (to be used together with --rename)
    The following rename templates are available: **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**. **TRACKNUM**
  • html_head= string: Html code for the head
  • html_change= string: Html code if the first character between two file names change
  • html_body= string: Html code for each filename
  • html_footer= string: Html code for the foot
  • html_sep_head= string: Html code for the head seperate html files by first character
    The following html templates are available: **SUMOFFILES**, **SUMOFMEGS**, **DATE**, **URLNAME**, **SHOWNAME**, **DIR**, **NAME**, **TITLE**, **ARTIST**, **ALBUM**, **YEAR**, **COMMENT**, **GENRE**, **TRACKNUM**, **SIZE**, **MODTIME**, **VBR**, **BITRATE**, **FREQUENCY**, **MINUTES**, **SECONDS**, **HTMLINDEX**, **FIRSTCHAR**


mp3riot 1.3-20041220

  • extended grouping fuction for all playlistfiles
  • renaming of special characters for filenames og groups
  • support of b4s playlistformat
  • sorting of filelist by various criterias of id3tag, mp3 and
  • file information (e.g. ARTIST, BITRATE etc.)
  • extended output of doublicate function by diretory names
  • added FIRSTCHAR as a value for grouping

mp3riot 1.2-20041007

  • Fixed bug in sql output
  • Flexible search for doublicate files using md5 sums
  • search for doublicates by filenames seperated from search function
  • fixed bug in xml output
  • filesize in html output is now rouded
  • replaced progress bar by counter in percentage
  • added counter for collected files
  • fixed bug in index in html output
  • fixed bug in html output for grouping
  • extended grouping function by new type EQUAL
  • bugfix in pls output

mp3riot 1.1-20030728

  • Renamed into mp3riot
  • Fixed output of playlist in M3U format, so that the M3U file is now containing full information
  • Fixed bug for retreaving the TITLE of an id3tag
  • Added output of playlist in XML format
  • Added output of playlist in PLS format
  • Added random fileselection for random playlists
  • Added the tracknumber for sql output
  • Added **TRACKNUM** (tracknumber) and as a template variable for html output
  • Added TRACKNUM (tracknumber) as a variable for groupings
  • Added tracknumber and comment for db output
  • Fixed bug in renaming function when special characters are present in the id3tag
  • Added rename_template to do renaming of files using their id3tag in a flexible way
  • Fixed a bug in renameback 1.0-20030319

  • Fixed some smaller bugs
  • Rebuild the internal data structure completely
  • Removed option for fast sorting (not necessary any more)
  • Implemented selection of files by their modification time (younger and/or older than days from now)
  • Implemented grouping of files by string matching between group defninitions by various types
  • Implemented variable html-code dsefinitions and templates
  • Changed definition for string replacement
  • now comes with a new version of from MP3-Info-1.02 by Chris Nandor
  • The use of the id3tag for sql and html output is now optional
  • Manpage is not supported any more. 0.9-20030313

  • Fixed a commandline parameter bug where the parameters were handled non case sensitive. Now there are handled case sensitive. As a result the functions RENAME and RENAMEBACK did not work when called with the short command line argument.
  • Fixed a commandline parameter bug that occured with Perl 5.8.0 and Getopt::Long 2.32. The -s flag in line 1 of the perl script causes the program to count the command line parameters in an usual way, so that command line parameters got disturbed and did not work any more. 0.8-20021105

  • Some changes in the documentation.
  • New option to rename files using their id3tag.
  • New option to rename files back.
  • Some code fixes.
  • Usage of the replace option has changed. 0.7-20021016

  • Bug for the option "check" in config file and configuration wizard fixed
  • Bug for the check of the mp3 extension when mp3info was enabled fixed.
  • Bug of sum of megs in html output fixed.
  • Bug in mp3table.sql fixed.
  • Basic ogg vorbis support implemented (thanks to Jens Burkal). 0.6-20020718

  • New method (experimental) for faster sorting. Useful for indexing huge number of files or mp3 files with additional information.
  • New option for checking for dublicates of filenames.
  • Now comes wioth a new version of from MP3-Info-1.01 by Chris Nandor. 0.5-20020626

  • Fixed problem with sql data output when files contain the charakter " ' ".
  • Name of option "hex" changed to "utf8".
  • Implemeted progress bar for prepating html files.
  • More information about what the program is doing. 0.4-20011127

  • Now f2html comes with a new version of from MP3-Info-0.91 by Chris Nandor.
  • Minor Bugfixes.
  • New option to create sql database.
  • New option to create a config file. 0.3-20010628

  • Some checks and corrections for pathnames.
  • Only existing characters are written out at the top of a html file.
  • Rewrite of sum of files and sizes. Important for writing seperate html files for every character.
  • The option -q has been implemented and allows for doing the procedures in a non case sensitive way.
  • The option -j has been implemented. A html file with statistics can be written out. 0.2-20010117

  • The manual has been updated.
  • The option -c has been updated. Now this option can be used more than only one time. So one is able to select file by different extensions. 0.1-20001127

  • Initial release.

back to top

button Whats New
[2005-02-18] mp3riot version 1.3 released
[2004-10-08] mp3riot version 1.2 is out.
[2004-04-30] Added section Bridging
[2004-01-09] working progress on mp3riot version 1.2
FFmpeg leader Michael Niedermayer has announcedhis departure from the project. "I hope my resignation will make it easier for the teams to find back together and avoid a more complete split which would otherwise be the result sooner or later as the trees diverge and merging all improvements becomes too difficult for me to do."
A leadership change at FFmpeg

CentOShas updated java-1.6.0-openjdk(C5; C7: multiple vulnerabilities). Debianhas updated openafs(multiple vulnerabilities) and xmltooling(denial of service). Fedorahas updated libuser(F22: multiple vulnerabilities), openssh(F22: authentication limits bypass; F22: improper output filtering), and xrdp(F22: denial of service). Mageiahas updated groovy(M4, M5: code execution). openSUSEhas updated bind(11.4: multiple vulnerabilities) and openldap2(13.1, 13.2: multiple vulnerabilities). Oraclehas updated java-1.6.0-openjdk(O6; O7: ). Red Hathas updated java-1.6.0-openjdk(multiple vulnerabilities). Scientific Linuxhas updated openafs(multiple vulnerabilities). SUSEhas updated bind(SLES 10: denial of service), java-1_7_0-openjdk(SLE 11; SLE 12: multiple vulnerabilities), java-1_7_1-ibm(SLE 11; SLE 12: multiple vulnerabilities), and kernel(SLE 12: multiple vulnerabilities). Ubuntuhas updated hplip(12.04, 14.04, 15.04: man-in-the-middle attack), kernel(14.04: multiple vulnerabilities), linux-lts-trusty(12.04: multiple vulnerabilities), and sqlite3(12.04, 14.04, 15.04: multiple vulnerabilities).
Friday's security updates

Debconf15, which will be held in Heidelberg, Germany August 15-23, has announced its scheduleas well as four featured speakers: Allison Randal, President, Open Source Initiative and Distinguished Technologist, HP; Peter Eckersly, Chief Computer Scientist, Electronic Frontier Foundation; John Sullivan, Executive Director, Free Software Foundation; and Jon 'maddog' Hall, Executive Director, Linux International. "The DebConf content team is pleased to announce the schedule of DebConf15, the forthcoming Debian Developers Conference. From a total of nearly 100 talk submissions, the team selected 75 talks. Due to the high number of submissions, several talks had to be shortened to 20 minute slots, of which a total of 30 talks have made it to the schedule. In addition, around 50 meetings and discussions (BoFs) have been organized so far, as well as several other events like lightning talk sessions, live demos, a movie screening, a poetry night or stand-up comedy."
DebConf15 schedule and featured speakers announced

Oracle has announced the releaseof Oracle Linux 6.7. As usual this release features both a Red Hat compatible kernel and Oracle's enterprise kernel. Some notable features include Open Security Content Automation Protocol (OpenSCAP), including the oscaputility for enhanced security auditing and compliance, Load Balancing and High Availability with Keepalived and HAProxy, supported under Oracle Linux Premier Support subscriptions, Enhanced SSSD support for Active Directory, and more. See the release notesfor details.
Oracle Linux 6.7 released

Debian-LTShas updated squid3(security bypass). Fedorahas updated drupal7-path_breadcrumbs(F22; F21: cross-site scripting), ecryptfs-utils(F22; F21: password disclosure from 2014), hplip(F21: key verification botch), httpd(F21: multiple vulnerabilities), ipython(F22; F21: cross-site request forgery), libunwind(F21: code execution), libwmf(F21: two denial of service flaws), nx-libs(F22: unspecified vulnerabilities), wpa_supplicant(F21: code execution), and xrdp(F21: denial of service). openSUSEhas updated lxc(13.2; 13.1: two vulnerabilities). Oraclehas updated autofs(OL6: privilege escalation from 2014), bind(OL6; OL6: denial of service), curl(OL6: multiple vulnerabilities, some from 2014), freeradius(OL6: code execution from 2014), gnutls(OL6: two vulnerabilities), grep(OL6: code execution), hivex(OL6: code execution from 2014), ipa(OL6: cross-site scripting from 2010 and 2012), kernel(OL6: multiple vulnerabilities, some from 2014), kernel 3.8.13(OL7; OL6: three vulnerabilities, one from 2014), libreoffice(OL6: code execution), libuser(OL6: privilege escalation), libxml2(OL6: two vulnerabilities, one from 2014), mailman(OL6: two vulnerabilities, one from 2002), net-snmp(OL6: denial of service from 2014), ntp(OL6: three vulnerabilities), pki-core(OL6: cross-site scripting), python(OL6: two vulnerabilities from 2013 and 2014), sudo(OL6: information disclosure from 2014), wireshark(OL6: multiple vulnerabilities, some from 2014), and wpa_supplicant(OL6: denial of service). SUSEhas updated bind(SLE11SP1: denial of service). Ubuntuhas updated ghostscript(15.04, 14.04, 12.04: code execution), openjdk-7(15.04, 14.04: multiple vulnerabilities), pcre3(15.04, 14.04, 12.04: multiple vulnerabilities, one from 2014), and tidy(15.04, 14.04, 12.04: two vulnerabilities).
Security updates for Thursday

Here are a couple sad notes from the Ada Initiativeand the Apache Software Foundationon the abrupt passing of Nóirín Plunkett. "Throughout Nóirín's time at the Foundation she was an Apache httpd contributor, ASF board member, VP and ApacheCon organizer. Nóirín's passionate contributions and warm personality will be sorely missed. Many considered Nóirín a friend and viewed Nóirín's work to improving 'Women in Technology' asa great contribution to this cause."
Mourning Nóirín Plunkett

The Weekly Edition for July 30, 2015 is available.
[$] Weekly Edition for July 30, 2015

[Tizen IVI test car]In November of 2013, I decided to undertake a garage-hacking project and build an in-vehicle infotainment (IVI) Linux box for my own car. Motivated hobbyists have done such things for years, of course. But, after having followed the development of various automotive Linux projects (such as GENIVIand Tizen IVI), I wanted to put them to the test, rather than simply stuff a Raspberry Pi into the glove compartment and run Rhythmbox on a tiny screen on the dashboard. Interesting developments were happening at automakers and software vendors, and they were worth exploring. It turned out to be a rather large project, so to cover it fully will take more than one installment. The first major milestone involves understanding the unique hardware, power, and boot requirements of an IVI unit (as well as finding a distribution that fits the bill).
[$] Building a Tizen IVI test experience

Arch Linuxhas updated bind(denial of service), pacman(man-in-the-middle attack), and qemu(multiple vulnerabilities). CentOShas updated bind(C7; C5: denial of service) and bind97(C5: denial of service). Debianhas updated bind9(denial of service). Debian-LTShas updated apache2(denial of service) and bind9(denial of service). Fedorahas updated elfutils(F21: unspecified vulnerabilities), haproxy(F22; F21: information leak), hplip(F22: man-in-the-middle attack), libidn(F22; F21: information disclosure), php(F21: multiple vulnerabilities), roundcubemail(F22; F21: multiple vulnerabilities), subversion(F21: multiple vulnerabilities), and wpa_supplicant(F22: denial of service). Mageiahas updated ansible(MG4,5: two vulnerabilities), freeradius(MG4,5: insufficient certificate verification), openssh(MG4,5: authentication limits bypass), python-django(MG4,5: multiple vulnerabilities), and springframework(MG5: denial of service). Oraclehas updated bind(OL7; OL5: denial of service) and bind97(OL5: denial of service). Red Hathas updated bind(RHEL6,7; RHEL5: denial of service), bind97(RHEL5: denial of service), and qemu-kvm-rhev(RHOSP5,6: two vulnerabilities). Scientific Linuxhas updated bind(SL5: denial of service) and bind97(SL5: denial of service). Slackwarehas updated bind(denial of service). SUSEhas updated bind(SLE12; SLE11SP3,4: denial of service). Ubuntuhas updated bind9(15.04, 14.04, 12.04: denial of service) and qemu(15.04, 14.04: multiple vulnerabilities).
Security updates for Wednesday

Matt Thompson talks with Allen Gunn, Executive Director of Aspiration, at "I think you lead with a very earnest form of humility. The best forms of open are lovingly subversive, in that they draw others to form their own conclusions about the benefit of open rather than beating them over the head with it."
Roadies vs. rock stars: The art of open leadership (

CentOShas updated clutter(C7: screen lock bypass) and qemu-kvm(C7: two vulnerabilities). Debian-LTShas updated icu(code execution). Mageiahas updated chromium-browser(MG4,5: multiple vulnerabilities), expat(MG4,5: denial of service), icu(MG5; MG4: denial of service/code execution), stunnel(MG5: authentication bypass), thunderbird(MG4,5: multiple vulnerabilities), wesnoth(MG5; MG4: information leak), and wordpress(MG4: two vulnerabilities). Oraclehas updated clutter(OL7: screen lock bypass) and qemu-kvm(OL7: two vulnerabilities). Red Hathas updated clutter(RHEL7: screen lock bypass). Scientific Linuxhas updated clutter(SL7: screen lock bypass) and qemu-kvm(SL7: two vulnerabilities). SUSEhas updated xen(SLE12; SLE11SP4: two vulnerabilities). Ubuntuhas updated apache2(15.04, 14.04, 12.04: two vulnerabilities), kernel(15.04; 14.04: multiple vulnerabilities), linux-lts-trusty(12.04: multiple vulnerabilities), linux-lts-utopic(14.04: multiple vulnerabilities), and linux-lts-vivid(14.04: multiple vulnerabilities).
Tuesday's security updates follows upwith the Dronecode Foundation, which was founded in October 2014. "In the past year, Dronecode's developer community has grown from 1,200 to more than 2000 contributors, with more than 12,000 commits in the codebase. The rate of development is rapid with 1,000 commits being reviewed a month, with well over 2 million lines of code across the various Dronecode projects. Developers from Qualcomm, Intel, Parrot, Yuneec and many others are actively engaged in the development of the Dronecode technology stack. As a result, updates, new releases and project milestones are in motion all the time. For example, in late May, the APM project released version 3.3 of its flight code, and the PX4 project reached a milestone with the first RC candidate for release 1.0."
The Dronecode Foundation aims to keep UAVs open (

Here is an article on the "Threatpost"siteabout a set of remotely exploitable media-library vulnerabilities present on vast numbers of Android devices. "An attacker in possession of their target?s phone number could send an MMS or even a Google Hangouts message to an affected device that triggers the vulnerability before the victim has a chance to open the message. In some cases, the attack would delete the MMS in question, leaving behind only a notification that a message was sent."
The Android "Stagefright"vulnerability

Debianhas updated expat(code execution), lxc(two vulnerabilities), and openjdk-7(multiple vulnerabilities). Debian-LTShas updated expat(code execution), ghostscript(buffer overflow), and lighttpd(man-in-the-middle attack). Mageiahas updated apache(MG4,5: two vulnerabilities), java-1.8.0-openjdk(MG5: multiple vulnerabilities), libuser(MG4,5: two vulnerabilities), and mariadb(MG4,5: multiple vulnerabilities). openSUSEhas updated cacti(13.2, 13.1: SQL injection), Chromium(13.2, 13.1: multiple vulnerabilities), java-1_7_0-openjdk(13.2, 13.1: multiple vulnerabilities), and java-1_8_0-openjdk(13.2: multiple vulnerabilities). Red Hathas updated chromium-browser(RHEL6: multiple vulnerabilities) and qemu-kvm(RHEL7: two vulnerabilities).
Security advisories for Monday

The fourth 4.2 prepatchis out for testing. Linus says: "I really wish that things were calming down, but it hasn't happened quite yet. It's not like this is particularly big or scary, but it's also not at the stage where it's really starting to get quiet and the bugs are really small and esoteric."
Kernel prepatch 4.2-rc4

redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability
Vuln: redcarpet CVE-2015-5147 Stack Buffer Overflow Vulnerability

Novius OS 'tab' parameter Local File Include Vulnerability
Vuln: Novius OS 'tab' parameter Local File Include Vulnerability

Oracle Java SE CVE-2015-0488 Remote Security Vulnerability
Vuln: Oracle Java SE CVE-2015-0488 Remote Security Vulnerability

Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability
Vuln: Debian OpenJDK CVE-2014-8873 Remote Code Execution Vulnerability

HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators
Bugtraq: HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators

[SECURITY] [DSA 3321-1] xmltooling security update
Bugtraq: [SECURITY] [DSA 3321-1] xmltooling security update

viagra generic singapore
Bugtraq: viagra generic singapore

[SECURITY] [DSA 3320-1] openafs security update
Bugtraq: [SECURITY] [DSA 3320-1] openafs security update

News, Infocus, Columns, Vulnerabilities, Bugtraq ...
More rss feeds from SecurityFocus