I've removed qgpgme-format-security.patch as version 1.10.0 already
contains it:
git tag --contains=5d4f977dac542340c877fdd4b1304fa8f6e058e6
Everything rebuilds fine so far.
Upstream release notes (Noteworthy changes in version 1.10.0):
* Now returns more specific error codes for decryption to distinguish
between bad passphrase, user canceled, and no secret key.
* Now returns key origin information if available.
* Added context flag "auto-key-retrieve" to selectively enable the
corresponding gpg option.
* Added flag is_de_vs to decryption and verify results.
* py: Use SEEK_SET as default for data.seek.
* cpp: Various new APIs.
* Reduced spawn overhead on Linux again. Added new configure option
--disable-linux-getdents to disable this feature for very old
Linux versions.
* Improved the Python bindings build system.
* Made the test suite less fragile.